As you may or may not have heard, Google announced a downloadable bundle of software it calls the “Google pack,” which it says is a free package of software it deems safe and necessary for Windows users. It may be the most unimpressive thing to ever come from Google.
Evidently Microsoft realizes the harm that this WMF exploit was doing to their customers and to their reputation. Word it, a patch will be pushed out today. If you have automatic updates activated (and you should!) then you will get this autmoatically later tonight or tomorrow when Windows updates itself. Otherwise, you should be able to grab it at update.microsoft.com.
Microsoft makes some good products, but they continue to be embarassed by holes in their software that, under the scrutiny of thousands of hackers, can be exploited to compromise your PC. The most recent vulnerability is extremely critical, because your PC can be compromised simply by visiting a malicious website, or opening an attachment on a malicious email. Because it exploits a system library that has been a part of Windows since Windows 3.0, it may also be the single largest computer security threat – ever. There have also been reports that receiving certain malicious instant messages can cause a security breach as well.
To protect yourself until a patch is released, visit only web sites that you trust, and open emails only from people who you trust. Be especially cautious about any WMF image files. If you don’t want to wait for Microsoft, there is an unofficial patch that can protect you that is available from the Internet Storm Center here: http://handlers.sans.org/tliston/WMFHotfix-1.1.14.msi
Hello All! It’s been awhile since we last talked – we’ve been so busy helping clients – I promise to get back on track though in touching bases much more often.
Like many of you, we here at MicroLaw spend a good deal of time considering the implications of malware infection. Youâ€™ve heard of malware, of course. Thatâ€™s the generic term for the broad group of malicious software which hackers seem never to tire of creating. Viruses (viri?) and Trojan horses are two well known examples of malware.
Read the rest of this entry »