ACCC Home Page ACADEMIC COMPUTING and COMMUNICATIONS CENTER
 
How to Secure Your PC

Security Exposure in Windows wmf Image File Support

 

Important: A critical unpatched flaw in Microsoft Windows has been discovered and is already being actively exploited by hackers. Simply viewing images on your computer may lead to your system being compromised.

Images are obviously present on almost all Web pages and are frequently sent in e-mail as well. Although only visiting well-known web sites will help mitigate the risk, it will not eliminate it. There is already one report of a well-known web site (knoppix-std dot org) being compromised by hackers to cause it to include a corrupt image.

Microsoft has announced that it will release a patch for the vulnerability on Tuesday Jan 10, 2006. Until the patch is released and applied to your system, your system is vulnerable.

As usual, ACCC will filter from the network any machine that is compromised and starts misbehaving, so it is in your best interest to prevent your machine from being infected.

Recommendations

Although Microsoft will not release a patch until 1/10/2006, ACCC recommends the following to help mitigate the potential impact of the vulnerability:

  • You should discuss any changes to your system with your local system administrator before making them to ensure that you do not break any critical functionality needed for your daily activities.

  • Using your Windows machine from a non-administrator account will help limit the potential damage that an infected image file can cause. It is always best to perform daily activities from an account that does not have administrator privileges.

  • Avoid browsing to potentially dangerous web sites. Browsing to well-known sites should be okay, though there isn't any guarantee. Browsing hacker web sites or web sites that allow anyone to upload images is not advisable.

  • Avoid viewing images in your email. For full information, see Safe Email Viewing.
  • If you are using Eudora, you can change the following settings to disable the viewing of images in e-mail:
    1. In Eudora, select Tools, then select Options
    2. Click on the Viewing Mail tab and un-check the option Use Microsoft's Viewer
    3. Click on the Display tab and un-check both the Automatically download HTML graphics box and the Display graphics in messages box.

  • You can un-register the Windows program that displays pictures. Note that doing this causes the Windows FAX and picture viewer to stop working, though it does not affect your web browsers. To disable the Windows FAX and picture viewer:
    1. Go to the START menu
    2. Select RUN
    3. Type: regsvr32 -u %windir%\system32\shimgvw.dll
    A confirmation box will appear showing whether the action succeeded.
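
The following PowerShell is an added example, not part of the original ACCC advisory: it reports whether the current session has administrator rights and whether any COM class registration still points at shimgvw.dll. It assumes that un-registering the DLL removes the InprocServer32 entries that reference it; the function names are hypothetical.

```powershell
# Added example (not from the advisory). Function names are hypothetical.

# True when the current session holds administrator rights
# (the advisory recommends daily use from a non-administrator account).
function Test-IsAdministrator {
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

# Lists COM classes whose in-process server is the named DLL.
# Assumption: regsvr32 -u removes these entries for shimgvw.dll.
function Get-ComRegistration {
    param([string]$DllName = 'shimgvw.dll')
    $root = [Microsoft.Win32.Registry]::ClassesRoot.OpenSubKey('CLSID')
    if ($null -eq $root) { return }
    foreach ($clsid in $root.GetSubKeyNames()) {
        # Some keys are not readable from a limited account; skip them.
        try { $key = $root.OpenSubKey("$clsid\InprocServer32") } catch { continue }
        if ($null -eq $key) { continue }
        $path = [string]$key.GetValue('')   # default value holds the DLL path
        $key.Close()
        if (-not $path) { continue }
        # Compare only the file name, ignoring quotes, directory and case.
        $file = ($path.Trim('"') -split '\\')[-1]
        if ($file -ieq $DllName) {
            [pscustomobject]@{ Clsid = $clsid; Path = $path }
        }
    }
    $root.Close()
}

# Combines both checks into one status object.
function Get-WmfMitigationStatus {
    $regs = @(Get-ComRegistration -DllName 'shimgvw.dll')
    [pscustomobject]@{
        RunningAsAdministrator = Test-IsAdministrator
        ViewerStillRegistered  = ($regs.Count -gt 0)
        Registrations          = $regs
    }
}

Get-WmfMitigationStatus | Format-List
```

With both recommendations applied, RunningAsAdministrator and ViewerStillRegistered should both read False.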

Note that simply previewing an infected image, or entering a directory that contains an infected image and viewing the images with thumbnails, is enough to cause your machine to be infected, so it is important to avoid getting such images on your system.

Although ACCC cannot recommend installing it, there is a patch produced by an individual to protect Windows. Although the SANS organization has installed and tested the patch, it is not clear at this point how the patch will affect the installation of the Microsoft patch when it becomes available.

For more information on the patch and this issue, see the Incident Storm Center SANS web page at:

http://isc.sans.org/

ACCC Security

 
 


2006-1-3  security@uic.edu