Windows Meta File Vunerability background


Link: <a title="
SANS – Internet Storm Center – Cooperative Cyber Threat Monitor And Alert System ” href=”″&gt;
SANS – Internet Storm Center – Cooperative Cyber Threat Monitor And Alert System .

1) There is a serious vulnerability in Microsoft operating systems.

2) An official patch will not be available from Microsoft until Jan. 10.

3) There are multiple propogation vectors: e-mail, instant messaging, websurfing, etc.

4) Several different versions of the exploit are in the wild and are being actively used by criminal groups. All propogation methods are being used. As of Wednesday, Jan 4 20:15:00 UTC, our current poll indicates that 22% of respondents (340) have seen exploit attempts through one of the exploitation vectors.

5) Tools to generate random files to exploit the vulnerability are publicly available. These tools may be used to evade anti-virus andIDS/IPS signatures.

6) Anti-virus signatures and intrusion detection/prevention systemsignatures may only be able to catch the first generation of exploits.

The news about this exploit gets worse and worse. I was talking to a person who overseas a small business’ computers about this today. He not only hadn’t heard about, he figured since he was running Windows XP with out any service patches, he was not vulnerable to this problem.

I tried to explain the issue, but there was no penetrating his shields. He’s not going to do anything. And I fully expect that he’s not alone in this.

The article linked above is arguing that we might be in danger of a rapidly propagating virus storm on the Internet. I’d think it was just hype, but I keep having conversations like the one today…

The Author

Episcopal bishop, dad, astronomer, erstwhile dancer...