Firms urged to use unauthorised Windows patch
Published: 03 Jan 2006 17:10 GMT
Corporations were advised by security experts on Tuesday to use an unofficial patch to combat the latest Microsoft Windows Metafile (WMF) exploit.
Both antivirus vendor F-Secure and volunteer security group the Internet Storm Center urged businesses to use the unofficial patch, as Microsoft has so far failed to offer an authorised patch to address the problem.
Microsoft, though, has advised businesses not to use third-party updates, even though its own patch won't be available until next Tuesday.
As reported last week, the WMF vulnerability can be exploited by Trojan horse malware to compromise a PC — by installing spyware on it or by turning it into part of a botnet.
Mikko Hypponen, director of antivirus research at F-Secure, said that he believes corporations can trust the unofficial patch, developed by security software developer Ilfak Guilfanov.
"This is a very unusual situation — we've never done this before. We trust Ilfak, and we know his patch works. We've confirmed the binary does what the source code said it does. We've installed the patch on 500 F-Secure computers, and have recommended all of our customers do the same. The businesses who have installed the patch have said it's highly sucessful," said Hypponen.
The Internet Storm Center admitted that many businesses would be very reluctant to deploy an unofficial patch on their systems, but insisted that such drastic action is needed.
"We've received many emails from people saying that no-one in a corporate environment will find using an unofficial patch acceptable," said Tom Liston of the Internet Storm Center, in his blog. "Acceptable or not, folks, you have to trust someone in this situation."
Systems administrators can also work around the problem by unregistering a file called shimgvw.dll.
"The very best response that our collective wisdom can create is contained in this advice — unregister shimgvw.dll and use the unofficial patch," said Liston.
A Microsoft spokeswomen advised businesses to wait for a week, as the software giant can't guarantee third party updates would be effective.
"Microsoft recommends that customers download and deploy the security update for the WMF vulnerability that we are targeting for release on January 10, 2006. Microsoft cannot provide assurance for independent third party security updates," she said.
Security experts say the WMF exploit is potentially very dangerous as conventional antivirus software and IDS signatures do not recognise the malicious code in email spam, as the exploit is sent in seemingly normal JPEG, GIF, or Bitmap files.
Hackers are increasingly using a wider variety of techniques to penetrate corporate defences with attacks launched through different vectors including spam, IM worms, and defaced and fake Web sites. Users need only visit a compromised or fake Web site to be attacked.
Click here to see Microsoft's security advisory about the WMF flaw.
Did you find this article useful?
280 out of 377 people found this useful
Digg
Slashdot
Del.ici.ous
Stumble
Reddit
Full Talkback thread
11 comments
-
Un-official patches can be considered helpfull. B... Anonymous -
which would you consider more trustworthy:
a.... will eusebio -
It is only one personal opinion but---the pat... Bruce White
-
I went to the download site and received this mess... John
-
I am not an expert but I took the advice writ... John L.
-
John L.
>After installing it and followi... John Doh -
Go here
http://tinyurl.com/cos3x
or here
http://t... john
-
Maybe it's me or something, and I am a little... Nobody
-
Don't be so hard on your self. You are n... Anonymous
-
In the end whether you install the... John Doh
-
To John L and others.
Windows paint and third part... john
