29 December 2005

Stand by to repel boarders on Port Eighty

Looks like it’s not a good day to be Microsoft. Again.

Without directly raising the spectre of another CodeRed-intensity wormflood, The Washington Post is reporting an advisory from Symantec: an unpatched WMF vulnerability is exploited and...

The exploit code, first posted on security mailing list Bugtraq, states that the included Internet address can successfully exploit a fully patched Windows XP system with a freshly updated [Symantec] Norton Anti-Virus.

(bracketed amendment in original)

Now would be a good time to hide your MS-Windows workstations behind a proxy, and order it to block anything named .wmf, claiming to be a WMF image, or file(1)ing as a WMF, since it seduces any graphical web browser running in BillSpace.


Alpha said...

Doesn't it seem to indicate a Symantec issue?? more than anything if no other anti virus vendor is effected

Leon Brooks said...

Er... no.

Symantec/Norton didn’t detect it. Other virus makers may or may not be able to detect it. Nevertheless, the original vulnerability applies to every Windows-NT-architecture machine on the planet (NT, 2000, XP, 2003), regardless of its Symantecness or otherwise.