Updated 5 January 2006 to include information about
the fix from Microsoft
Experts at SophosLabs™, Sophos's global
network of virus, spyware and spam analysis centers, have reported
analysing over 200 different attacks exploiting a serious Microsoft
security hole in the way Windows computers handle WMF graphic
In late December 2005, Microsoft confirmed details
of the vulnerability, which can allow
remote hackers to install and run malicious code on Windows
computers. Already Sophos, which automatically updated customers
with the ability to detect malware using the
exploit on 29 December, has seen hackers use over 200 different
methods to attack computers in this way.
"Microsoft originally said it would release a fix for the
problem as part of its regular patch cycle on Tuesday 10 January.
The reason for the delay was explained by the software giant as
being because it needed more time to properly test the patch to
ensure it didn't cause unanticipated problems," said Graham Cluley, senior
technology consultant for Sophos. "We have seen over 200
differently crafted attempts to infect computers using the WMF
exploit, but as yet none are believed to be widespread. Companies
would be sensible to ensure their anti-virus and anti-spam software
is automatically updating itself to provide a higher level of
protection for their users."
Security researcher Ilfak Guilfanov set up a website which contains an
unofficial patch for the problem, for computer users who did not
wish to wait for Microsoft to release its fix.
"In our testing we have found no problems with Guilfanov's fix
for Microsoft's WMF vulnerability, and it does prevent the exploits
from working," continued Cluley. "However, companies will now be
able to use the official patch from Microsoft rather than rely upon
a third party security patch."
Sophos recommends companies protect their email with a consolidated solution to thwart the virus and spam
threats and secure their desktops and servers with automatically
updated anti-virus protection, the latest security patches, and
properly configured firewalls.