| Tuesday, February 07, 2012
Welcome to the Viruswarning forums. All your original content has been ported to the new forums as well as new content and additional opportunities to interact with the authors of Viruswarn.com. You can always access old content at www.leedrake.com/forum . You may find some formatting was lost in the conversion and the older versions of the posts to be more readable....
But at least it's all here.
Enjoy!
Viruswarn Forums
Lee Drake Posts:238
09/28/2004 1:45 AM
What it is
There is a vulnerability in a key Microsoft library called the GDI Plus library, used by a variety of programs, that can allow executable code to run from a picture file (specifically JPG files). Since JPG files are ubiquitous and are in emails, websites, attachments, and a variety of programs, it's nearly impossible to avoid them. Your only defense against this vulnerability, which already has publicly released exploit toolkits, is to patch your systems. This patch is a doozy, however - you need to patch your operating system, your Office applications, and a number of other Microsoft apps including Visio, MS Project and others. Microsoft has released a special patch for this that not only updates your operating system but scans your machine for other vulnerable applications and helps you patch those as well. Due to this you need to do some special additional steps when patching your computer, and you should also be sure to have your Office disks handy so that you can patch your Office applications.
What you should do
You should apply the patch through http://windowsupdate.microsoft.com. Those of you with SP2 and auto-update turned on may already have been patched; you can confirm this by going to windowsupdate and seeing if it recommends the patch. For those who for whatever reason cannot work with windowsupdate, download the patch directly from this page: http://www.microsoft.com/technet/security/bulletin/MS04-028.mspx . ALL USERS should visit this page and compare the list of vulnerable software to what is installed on their computer. You may need to download and install individual updates for applications that are not updated through Windows Update or Office Update.
After you have installed the update, either through windows update or from the website, you MUST shut down and restart your machine, and log in as an administrator equivalent account. The update will begin a second phase and scan your disk for other vulnerable applications and guide you through updating those programs as well. It may direct you to the http://officeupdate.microsoft.com site to update office, as Office XP and Office 2003 have vulnerable components. If it does, have your disks ready, as they're usually required any time office is patched.
Be sure that you check the MS04-028 site for additional applications that may require individual patches.
I cannot stress enough how important it is that you update for this problem. So many things have pictures in them these days that not updating can be very dangerous. For instance, PowerPoint is one of the affected applications - how many PPT or PPS files have you passed around or gotten in email lately? Visio is vulnerable, Microsoft PictureIt!, Microsoft ImagePro, Producer for PowerPoint, etc. There will be viruses made in the next few months that will exploit all the various types of files that can embed graphics images. As the virus develops it may become polymorphic and send itself around in various guises. Most virus scanning software is written to ignore JPG files, and the types of documents they're embedded in, since they're not executable.
Additional Resources
Microsoft patch site: http://www.microsoft.com/technet/security/bulletin/MS04-028.mspx
CERT warning: http://www.us-cert.gov/cas/techalerts/TA04-260A.html
This concludes this viruswarning notice....
Lee Drake
Aztek Computer Solutions, Inc.
274 N. Goodman St Suite B269
Rochester, NY 14607
the human side of computing
Email: ldrake@azcomputer.net
Web: www.azcomputer.net Office Phone: 585-242-2060
Fax number: 585-242-9441