Tuesday, January 03, 2006

WMF Exploit: Patches and Workarounds Explained

The folks over at the ISC have put together an excellent graphic slide set (in both PowerPoint and Adobe Acrobat formats) that explains Microsoft's suggested workaround and Ilfak Guilfanov's 'temporary' patch in detail, and also explains why this issue is so important.

Via The SANS ISC:

We continue to get many questions on the WMF vulnerability, and are trying to explain it a bit more graphically.

Feel free to use the presentations below to explain why you need to use the unofficial patch or how it works on a high level.


To help you answer the "kill" questions:

You might not have seen exploits yet because:

  • You are lucky; estimates are that up to now 10% of our readers have seen them.
  • The bad guys haven't released their worst (yet), but we know they have the tools and means to create it and we expect them to do so well enough before the official patches are released next week.
  • The detection might be insufficient or might be failing, so you would not know it. (esp. if the attack was subtle enough in a first phase, it can be very hard to detect, as it's designed to be very hard to detect by anti-virus and IDS/IPS systems)
  • We were told of McAfee reporting a 6% infection rate at their customers on New Year's Eve already.

But when you see the exploits, it will be too late. So act now and be prepared for the coming storm.
