Rixstep

The WMF Flaw

Season's greetings from Microsoft.


This one's so easy it's not funny. And there's no cure for it either. And it's spreading like wildfire.

And naturally it affects no platform other than Windows©®™.

The WMF 'flaw' has to do with an ability in 'Windows metafiles' to register code that the system will 'call back'. While David Cutler's memory security is otherwise rather tight, things fall apart here in the domain of the 'Undead'.

All a script kiddie has to do is:

  • Acquire some good shell code somewhere.
  • Create a metafile and tack the shell code on the back of it.
  • Register the shell code as a 'callback' inside the metafile proper.
  • Start spamming the hell out of everybody; start spamming blogs and chat rooms; start posting the metafile as a 'web bug' embedded object in websites.
  • Fill out a bank deposit slip.

The attacks are growing, and rapidly, with several thousand websites already out there lurking and waiting for unwitting (Windows) victims.

As it's not a programming but a design flaw, fixes are going to be slow in coming. Windows (l)users can disable the 'DLL' responsible for WMFs - but in that case the desktop turns into mush.

Happy New Year©®™ from Microsoft Corporation©®™.


Aladdin Tackles WMF Vulnerability
<http://www.webhosting.info/news/1/aladdin-tackles-wmf-vulnerability_1230051311.htm>

Protection from critical WMF vulnerability
<http://blogs.zdnet.com/Ou/?p=142>

Lots of bad advice for critical WMF vulnerability!
<http://blogs.zdnet.com/Ou/?p=143>

Setting the record straight on the WMF vulnerability
<http://blogs.zdnet.com/BTL/?p=2315>

Workaround, Protections Emerge for WMF Exploit
<http://www.publish.com/article2/0,1895,1906754,00.asp>

Extremely Critical Windows Security Hole
<http://blogs.pcworld.com/staffblog/archives/001149.html>

Windows 0-Day Exploit Helped by Open Source?
<http://www.internetnews.com/security/article.php/3574291>

Trojan alert over unpatched Windows flaw
<http://www.techspot.com/news/19944-trojan-alert-over-unpatched-windows-flaw.html>

Exploiting the Windows XP/2003 Picture and Fax Viewer Metafile Overflow Vulnerability
<http://www.onlamp.com/pub/wlg/8879>

New Trojan Program Labeled 'Critical'
<http://www.allheadlinenews.com/articles/7001673252>

Trojan Delivers Malware to Windows PCs
<http://www.hardwarezone.com/news/view.php?id=3413&cid=8>

Windows WMF 0-day exploit in the wild
<http://www.techspot.com/news/19936-windows-wmf-0day-exploit-in-the-wild.html>

Update on WMF exploit
<http://blogs.zdnet.com/Spyware/?p=735>

Security Breach Hits Windows
<http://www.redherring.com/Article.aspx?a=15102>

How To Beat Back The New Zero-Day Windows Bug
<http://www.informationweek.com/news/showArticle.jhtml?articleID=175701231>

Another WMF (Windows Major Foul-Up)
<http://www.eweek.com/article2/0,1895,1906513,00.asp>

Microsoft Promises To Patch Worsening Zero-Day Flaw
<http://www.informationweek.com/news/showArticle.jhtml?articleID=175701152>

Hackers target zero day Windows vulnerability
<http://www.vnunet.com/vnunet/news/2147909/hackers-attack-zero-day-windows>

Trojan alert over unpatched Windows flaw
<http://www.theregister.co.uk/2005/12/29/wmf_trojan_alert/>

Hackers exploit Windows flaw
<http://www.techworld.com/security/news/?NewsID=5066>

Sites exploit Windows image flaw
<http://news.bbc.co.uk/1/hi/technology/4566504.stm>

Windows Metafile Flaw Exploited
<http://www.techtree.com/techtree/jsp/article.jsp?article_id=70083&cat_id=582>

New zero day exploit seen in the wild
<http://blogs.zdnet.com/Spyware/index.php?p=734>

Trojan delivers unwanted gift to Windows PCs
<http://news.com.com/2100-7349_3-6011406.html>

Attackers Exploit New Zero-Day Windows Bug
<http://www.informationweek.com/news/showArticle.jhtml?articleID=175700809>

Critical Impact: Windows Metafile Flaw a 'Zero-Day Exploit'
<http://www.eweek.com/article2/0,1895,1906177,00.asp>

Windows File Format in 'extremely critical flaw'
<http://www.idm.net.au/story.asp?id=6902>

Be Careful - Critical Windows WMF File Security Flaw In the Wild
<http://www.realtechnews.com/posts/2390>

'Extremely critical' .wmf exploit tags Windows XP systems
<http://www.earthtimes.org/articles/show/4833.html>

Hackers Attack Zero Day Windows Vulnerability
<http://www.technewsworld.com/story/48046.html>

Windows image flaw now 'extremely critical'
<http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1154914,00.html>

Critical Exploit found in most browsers, even fully patched windows systems
<http://www.politicalgateway.com/news/read.html?id=5722>

Trojan Exploit - WMF Attack
<http://www.efytimes.com/fullnews.asp?edid=9006>

Exp/WMF-A
<http://www.sophos.com/virusinfo/analyses/expwmfa.html>

TROJ_WMFCRASH.A
<http://de.trendmicro-europe.com/consumer/vinfo/encyclopedia.php?VName=TROJ_WMFCRASH.A>

Analysts Fret as Adware Makers Leverage WMF Flaw
<http://www.eweek.com/article2/0,1895,1906915,00.asp>

'Really Bad' Exploit Threatens Windows
<http://www.betanews.com/article/Really_Bad_Exploit_Threatens_Windows/1135794414>

MS Confirms WMF Flaw, Variants Spread
<http://www.betanews.com/article/MS_Confirms_WMF_Flaw_Variants_Spread/1135888538>

Footnote: The Undead

The GDI is the one part of 32-bit Windows not initially designed and constructed by David Cutler and his team from Digital Equipment Corporation. It is the one part of Windows not written in C but in C++. David Cutler's team didn't even understand Microsoft wanted a 'GUI' until it was too late - and then Microsoft assigned a group known as 'The Undead' to it.

The Undead were so called because they were always contributing to projects that failed and everyone figured they'd be phased out or fired, but somehow this never happened.

The head of The Undead was a notorious addicted gambler. It's a matter of record that a great part of the shakiness in Windows NT and its successors is due to this individual obsessing with coming up with a system to break the bank in Atlantic City and devoting most of his working time to this goal - and not to the code of the GDI.

It is also a matter of record that a computer scientist worth a pinch of salt is also good at mathematics and that anyone good at mathematics knows there are no systems to break any bank. It is therefore a fair conclusion that the head of The Undead was a blithering idiot.

And finally it is a matter of record that this individual chose to 'gamble' on a 'new language' called C++ to complete his project - and in fact was able to garner enthusiasm for this choice from then-CEO Bill Gates himself.

In fact, Gates thought it was such a great idea that he went to Dave Cutler on three separate occasions to try to convince the DEC team to rip up their Windows NT code and start from scratch with C++.

What Cutler told Gates is also a matter of record.

Footnote: Yahoo! FUD!

If there's one thing the losers on Windows can't stand, it's to know the rest of the world are totally unaffected and laughing at them. Throw in a good portion of blithering incompetence and you have a great stew.

In an extremely apologetic and defensive article Yahoo! describe the current WMF terror for the poor Windows users and then go on to smear the issue all over the place by quoting the supposed security expert Andrew Jaquith.

Without giving a direct quote, Yahoo nevertheless attribute to him the sly quip 'Andrew Jaquith characterised the vulnerability as a serious security issue that has cropped up before in browsers including Firefox and Safari'.

This Jaquith must be some great security expert: he's evidently found a vulnerability no one else on the planet knows anything about.

Yahoo! journalism! at! its! finest!

Copyright © Rixstep. All rights reserved.