The Black Hats Don't Sleep

Well, I hope you enjoyed Christmas as much as I do and additionally I hope that you have the opportunity to have a few days off.

But it seems that the bad guys have too much time as well. There are reports that there is a 0day out there attacking a vulnerability in Microsoft Windows WMF Handling. We are aware of it and it is under investigation at the moment. Here you can find some information about it:
MELANI: https://www.melani.admin.ch/newsticker/00072/index.html?lang=en&PHPSESSID=5f98437d926027b133d27ab41e1f6748
Secunia: https://secunia.com/advisories/18255/
SANS: https://isc.sans.org/diary.php?storyid=975

F-Secure, one of our VIA (Virus Information Alliance) partners, has some good information on this from an attack perspective: https://www.f-secure.com/weblog/archives/archive-122005.html#00000753

Several AV-vendors including Symantec, Trendmicro, McAfee, and F-Secure have already updated their signature – therefore you should as well

Roger

Comments

• Anonymous
  December 28, 2005
  Not just reports. I got at home last night. Used restore point and feverish deletes, still not sure if I got it all. So I hope they admit and publish a fix soon.