Tuesday, January 03, 2006

Security Alert: Viewing images on your Windows PC

Most of you know how much I love Macs, and how I'm... ahem... not fond of Windows.

I'll spare you my soapbox and pass along this official security notice which sort of speaks for itself.

This notice is indeed real, and was an email circulated internally within a high tech Portland area business, and was generated by its own I.T. department. Special thanks to Sonja for the heads up on this.

************************************************************************************************************

Hi,
You may be aware already of the latest problem with Windows.

If you don't use Windows, you can stop reading now.

There is currently a problem with the way that Windows views / opens / executes image files.
It is now possible that just viewing an image can infect your computer with a virus.
From the most recent SANS security report:

"A malicious webpage, shared folder or an HTML email containing a specially crafted metafile can exploit the buffer overflow to execute arbitrary code on a Windows system. Exploit code has been publicly posted. The flaw is being actively exploited to install spyware and Trojans on client systems. F-Secure reports detecting 57 different malicious WMF files in the wild so far."

Again I must warn everyone: Please do not open unexpected attachments or email links even if they are from trusted sources.

Our anti-virus software is up to date, and should detect any of these vulnerabilities, but please be cautious when viewing images. Update your home PC's virus definitions and set them to update automatically if possible.

Further reading:

Microsoft Advisory
http://www.microsoft.com/technet/security/advisory/912840.mspx
SANS Handler's Diary
http://isc.sans.org/diary.php?storyid=972
http://isc.sans.org/diary.php?storyid=977
F-Secure Weblog With the Latest Exploit Updates
http://www.f-secure.com/weblog/
Exploit Code
http://metasploit.com/projects/Framework/exploits.html#ie_xp_pfv_metafile
WMF File Format
http://www.fileformat.info/format/wmf/egff.htm
SecurityFocus BID
http://www.securityfocus.com/bid/16074

2 comments:

Anonymous said...

oh geez, you know i'd change to mac if i could handle change. and i do like Big Mac's. so i'd probably be a good candidate too. but for now i guess i'll check up on Mr. Norton.

Karen

Anonymous said...

oh ya, prayers go out to all those in west virginia's coal miner nightmare, what a sad chain of events i heard unfold last night--i was on the roller coaster ride and didn't even know a soul there. my first aol log on said 12 found alive!! i got all over it and turned on cnn as it all unfolded in a real sad way. i still know that no matter where the fault lies, prayers are greatly needed. that's where we can make a difference. i hope the families will gain strength and rekindle the light of faith--it's still there and they need it now more than ever.

love,
karen