Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Board index Community InformationNews Desk

Patched (WMF)Windows Bug Will Be Danger For Months

Notifications for Security Updates, as well as News and Information from across the web - mostly security minded.

Update Contributors: Members of the Malware Removal University.

Regular Members: Our Regular Members are invited to start and/or participate in all other topics. Join in and share the news that's important to you.
Post a reply

Patched (WMF)Windows Bug Will Be Danger For Months

Unread postby Chachazz » January 8th, 2006, 9:53 pm

January 06, 2006 (3:00 PM EST)
By Gregg Keizer, TechWeb News

Although Microsoft pushed out a patch early to fix a major bug and even recommended that enterprises deploy it immediately, the underlying vulnerability will continue to haunt Windows users for the next six to eight months, a security professional said Friday.

Thursday, Microsoft released an out-of-cycle patch for the 10-day-old Windows Metafile flaw, admitting it did so to placate customers who were demanding an early fix.

"When I spoke to a number of customers and asked if the current situation warranted an out of band release of the update, they said yes," wrote Mike Nash, vice president for security business, on the Microsoft Security Research Center (MSRC) blog late Thursday.

Nash went on to recommend that enterprises roll out the fix as soon as they're able.

"You should deploy the update as soon as is feasible. Put it through your testing process and get it deployed. If it were my decision, I would move up [your] schedule. That is what we are doing in our IT operation here at Microsoft," he wrote.

"Absolutely that's the right advice," seconded Mike Murray, director of research at vulnerability management vendor nCircle. "The sooner you get everyone patched the better you are. The current exploits don't include an automated worm, but for threats that require some user interaction, this is as bad as it gets."

Exploits leveraging the WMF vulnerability now number in the hundreds, security firms allege, with thousands of Web sites -- some of them legitimate, but hacked to silently deploy malicious code -- seeding these exploits.

"We viewed this an incredibly serious threat from the beginning," said Murray. "It's been actively exploited in the wild. This is the kind of blended threat people will use for months for phishing attacks and to collect bots."

Murray estimated that it will take six to eight months for enterprises to fully deploy the WMF vulnerability patch, a time during which attackers will continue to compromise computers.

"This is definitely going to lave long legs," Murray said.

Source: TechWeb News»
User avatar
Chachazz
Regular Member
 
Posts: 642
Joined: July 3rd, 2005, 5:33 pm
Location: Canada
Top
Advertisement
Register to Remove

Unread postby Chachazz » January 8th, 2006, 9:55 pm

;)
User avatar
Chachazz
Regular Member
 
Posts: 642
Joined: July 3rd, 2005, 5:33 pm
Location: Canada
Top
Post a reply

Return to News Desk



Who is online

Users browsing this forum: No registered users and 90 guests

The teamDelete all board cookiesAll times are UTC - 5 hours [ DST ]

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware

Board index