Just when you think the only trouble you can get from vieweing pictures on your computer is getting caught by your boss while viewing pics deemed NSFW (or worse, getting caught by your wife), here comes the Windows Metafile (WMF) exploit.
A serious new remotely exploitable vulnerability has been discovered in Microsoft Windows’ image processing code. Until this is repaired by Microsoft, any attempt to display a malicious image in Windows could install malicious software into the computer.
Yes, just any attempt to display images, even those teensy thumbnails (info on which are actually contained in the WMF) can cause your system to be infected, if malicious code is indeed embedded in the WMF. You don’t even have to click on anything or do something stupid like opening unexpected or unknown binary or document attachments. Just viewing an image on a website or as an inline email object makes you vulnerable.
All versions of Windows from Windows 98 through ME, NT, 2000, XP, and 2003 are known to be vulnerable, and a large and rapidly growing number of malicious exploits (57 at last count) are already circulating in the wild. They are being actively used to install malware and Trojans into user’s machines. Viruses and worms are expected to appear shortly.
To date, while the exploit has been known as a zero-day exploit (meaning the vulnerability had been discovered even before Microsoft announced patches for known vulnerabilities), Microsoft has only issued a quick-fix, a temporary solution that is not 100% guaranteed effective. MS has yet to issue a patch that adequately addresses the security issue.
Fortunately for us Windows users, Ilfak Guilfanov, well known in “reverse engineering” circles for his wildly popular IDA Disassembler, has written an effective, quick patch that “renders any Windows 2000, XP, 64-bit XP and 2003 systems completely invulnerable to exploitation of the Windows Metafile vulnerability.”
So be sure to download and install your copy while waiting for MS to put out a security fix. Who knows, that NSFW image you’re viewing might actually be installing malware on your system. Not safe, indeed!
Check out episode 20 of Leo Laporte and Steve Gibson’s podcast Security Now! for an interesting discussion on the WMF vulnerability