Network World

SANS Institute offers patch for Windows Metafile flaw

By Ellen Messmer, NetworkWorld.com, 01/03/2006

In an unusual move, the SANS Institute is recommending that Windows users apply a software patch created by a Russian researcher to prevent attackers from compromising Windows desktops through a software flaw Microsoft says it won’t fix for a week.

The so-called Windows Metafile (WMF) exploit allows an attacker to completely compromise a desktop by sending malicious code with a graphic or through a Web site that a victim visits. SANS Institute, a security organization whose division known as the Internet Storm Center monitors security threats, considered the risks associated with the WMF flaw so serious that it decided to make a software patch available for download after it learned that Microsoft won’t have its software patch ready until Jan. 10.

Microsoft, while acknowledging the WMF flaw, says Windows users should refrain from using patches other than Microsoft's. However, Johannes Ullrich, chief research officer at SANS Institute, said that to date there have been over 80,000 downloads of the SANS-recommended patch prepared by Russian researcher Ilfak Guilfanov. In addition, SANS is assisting a number of large enterprises and state agencies that want to deploy the SANS-recommended patch to desktops throughout their organizations.

“We would rather Microsoft be doing this patch,” said Ullrich. But with Microsoft unprepared to release a fix immediately, SANS Institute felt the evidence of a growing number of WMF-related compromises of desktops warranted the unusual step of SANS recommending a patch on its own.

In a bulletin, Microsoft confirmed that an attack based on the WMF exploit started on Dec. 28, but its software fix is still being tested.

Desktop users who suffered the effects of the WMF exploit describe it as a devastating experience to find their desktop computers completely taken over by an attacker.

“When it hit, the screen suddenly said, ‘Congratulations, you’re infected!’” said Brad Dinerman, vice president of information technology at MIS Alliance, a professional services outsourcing firm in Newton, Mass. It was clear that the computer running XP was no longer in his control.

“It had root access, it wouldn’t let me log off or do anything,” Dinerman said. He said he ended up having to rebuild the machine from scratch. He noted that his machine had been up to date in terms of software patches, anti-virus and anti-spyware software.
