xboxscene.org forums

Author Topic: MS Vulnerability In Wmf  (Read 117 times)

cja100

  • Archived User
  • Newbie
  • *
  • Posts: 42
MS Vulnerability In Wmf
« on: December 29, 2005, 05:11:00 AM »

page not found

sheriff2006

  • Archived User
  • Newbie
  • *
  • Posts: 10
MS Vulnerability In Wmf
« Reply #1 on: December 29, 2005, 05:16:00 AM »

QUOTE(cja100 @ Dec 29 2005, 01:18 PM)

page not found


you have to replace MS in the URL with the name of the evil corporation...

Don't know if it is applicable as I don't know if X360 OS is based in Windows, but as XBOX OS was based on W2K...

I paste the advisory below

-------------------------------
MS Security Advisory (912840)
Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution.
Published: December 28, 2005

MS is investigating new public reports of a possible vulnerability in Windows. MS will continue to investigate the public reports to help provide additional guidance for customers.

MS is aware of the public release of detailed exploit code that could allow an attacker to execute arbitrary code in the security context of the logged-on user, when such user is visiting a Web site that contains a specially crafted Windows Metafile (WMF) image. An attacker would have no way to force users to visit a malicious Web site. Instead, an attacker would have to persuade them to visit the Web site, typically by getting them to click a link that takes them to the attacker's Web site.

Customers are encouraged to keep their antivirus software up to date. The MS Windows AntiSpyware (Beta) can also help protect your system from spyware and other potentially unwanted software. We will continue to investigate these public reports.

Upon completion of this investigation, MS will take the appropriate action to help protect our customers. This will include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs.

MS encourages users to exercise caution when they open e-mail and links in e-mail from untrusted sources. For more information about Safe Browsing, visit the Trustworthy Computing Web site.

We continue to encourage customers to follow our Protect Your PC guidance of enabling a firewall, applying software updates and installing antivirus software. Customers can learn more about these steps at the Protect Your PC Web site.

Customers who believe they may have been affected by this issue can contact Product Support Services. You can contact Product Support Services in the United States and Canada at no charge using the PC Safety line (1 866-PCSAFETY). Customers outside of the United States and Canada can locate the number for no-charge virus support by visiting the MS Help and Support Web site.

Mitigating Factors:
• In a Web-based attack scenario, an attacker would have to host a Web site that contains a Web page that is used to exploit this vulnerability. An attacker would have no way to force users to visit a malicious Web site. Instead, an attacker would have to persuade them to visit the Web site, typically by getting them to click a link that takes them to the attacker's Web site.
• An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
• By default, Internet Explorer on Windows Server 2003, on Windows Server 2003 Service Pack 1, on Windows Server 2003 with Service Pack 1 for Itanium-based Systems, and on Windows Server 2003 x64 Edition runs in a restricted mode that is known as Enhanced Security Configuration. This mode mitigates this vulnerability where the e-mail vector is concerned, although clicking on a link would still put users at risk. In Windows Server 2003, MS Outlook Express uses plain text for reading and sending messages by default. When replying to an e-mail message that is sent in another format, the response is formatted in plain text. See the FAQ section of this vulnerability for more information about Internet Explorer Enhanced Security Configuration.
General Information

Overview

Purpose of Advisory: To provide customers with initial notification of the publicly disclosed and exploited vulnerability. For more information, see the “Suggested Actions” section of the security advisory.

Advisory Status: Under Investigation

Recommendation: Review the suggested actions and configure as appropriate.
References:

CVE Reference: CVE-2005-4560

CERT Reference: VU#181038

MS Knowledge Base Article: 912840

This advisory discusses the following software.
Related Software

MS Windows 2000 Service Pack 4

MS Windows XP Service Pack 1

MS Windows XP Service Pack 2

MS Windows XP Professional x64 Edition

MS Windows Server 2003

MS Windows Server 2003 for Itanium-based Systems

MS Windows Server 2003 Service Pack 1

MS Windows Server 2003 with SP1 for Itanium-based Systems

MS Windows Server 2003 x64 Edition

MS Windows 98, MS Windows 98 Second Edition (SE), and MS Windows Millennium Edition (ME)

Note MS Windows Server 2003 Service Pack 1 and MS Windows Server 2003 x64 Edition also refer to MS Windows Server 2003 R2.
Frequently Asked Questions

What is the scope of the advisory?
MS is aware of a new vulnerability report affecting the Graphics Rendering Engine in MS Windows. This vulnerability affects the software that is listed in the “Overview” section.

Is this a security vulnerability that requires MS to issue a security update?
We are currently investigating the issue to determine the appropriate course of action for customers. We will include the fix for this issue in an upcoming security bulletin.

What causes the vulnerability?
A vulnerability in the way that specially crafted WMF images are handled could allow arbitrary code to be executed.

What might an attacker use the vulnerability to do?
An attacker who successfully exploited this vulnerability could take complete control of the affected system. In a Web-based attack scenario, an attacker would host a Web site that exploits this vulnerability. An attacker would have no way to force users to visit a malicious Web site. Instead, an attacker would have to persuade them to visit the Web site, typically by getting them to click a link that takes them to the attacker's site. It could also be possible to display specially formed Web content by using banner advertisements or by using other methods to deliver Web content to affected systems.

How could an attacker exploit the vulnerability?
An attacker could host a malicious Web site that is designed to exploit this vulnerability through Internet Explorer and then persuade a user to view the Web site.

I am reading e-mail in plain text, does this help mitigate the vulnerability?
Yes. Reading e-mail in plain text does mitigate this vulnerability where the e-mail vector is concerned although clicking on a link would still put users at risk.

Note In Windows Server 2003, MS Outlook Express uses plain text for reading and sending messages by default. When replying to an e-mail message that is sent in another format, the response is formatted in plain text.

I have software DEP enabled on my system, does this help mitigate the vulnerability?
Yes. Windows XP Service Pack 2 also includes software-enforced DEP that is designed to reduce exploits of exception handling mechanisms in Windows. By default software-enforced DEP applies to core operating system components and services. This vulnerability can be mitigated by enabling DEP for all programs on your computer.
For additional information about how to “Enable DEP for all programs on your computer”, see the product documentation.
Suggested Actions

Workarounds

MS has tested the following workaround. While this workaround will not correct the underlying vulnerability, it will help block known attack vectors. When a workaround reduces functionality, it is identified in the following section.
Un-register the Windows Picture and Fax Viewer (Shimgvw.dll) on Windows XP Service Pack 1; Windows XP Service Pack 2; Windows Server 2003 and Windows Server 2003 Service Pack 1

To un-register Shimgvw.dll, follow these steps:

1. Click Start, click Run, type "regsvr32 -u %windir%\system32\shimgvw.dll" (without the quotation marks), and then click OK.

2. A dialog box appears to confirm that the un-registration process has succeeded. Click OK to close the dialog box.

Impact of Workaround: The Windows Picture and Fax Viewer will no longer be started when users click on a link to an image type that is associated with the Windows Picture and Fax Viewer.

To undo this change, re-register Shimgvw.dll by following the above steps. Replace the text in Step 1 with “regsvr32 %windir%\system32\shimgvw.dll” (without the quotation marks).
• MS encourages users to exercise caution when they open e-mail and links in e-mail from untrusted sources. For more information about Safe Browsing, visit the Trustworthy Computing Web site.
• Customers in the U.S. and Canada who believe they may have been affected by this possible vulnerability can receive technical support from MS Product Support Services at 1-866-PCSAFETY. There is no charge for support that is associated with security update issues or viruses. International customers can receive support by using any of the methods that are listed at the Security Help and Support for Home Users Web site.
• All customers should apply the most recent security updates released by MS to help ensure that their systems are protected from attempted exploitation. Customers who have enabled Automatic Updates will automatically receive all Windows updates. For more information about security updates, visit the MS Security Web site.
• Protect Your PC: We continue to encourage customers to follow our Protect Your PC guidance of enabling a firewall, getting software updates and installing anti-virus software. Customers can learn more about these steps by visiting the Protect Your PC Web site.
• For more information about staying safe on the Internet, customers can visit the MS Security Home Page.
• Keep Windows Updated: All Windows users should apply the latest MS security updates to help make sure that their computers are as protected as possible. If you are not sure whether your software is up to date, visit the MS Update Web site, scan your computer for available updates, and install any high-priority updates that are offered to you. If you have Automatic Updates enabled, the updates are delivered to you when they are released, but you have to make sure you install them.

Resources:
• You can provide feedback by completing the form by visiting the following Web site.
• Customers in the U.S. and Canada can receive technical support from MS Product Support Services. For more information about available support options, see the MS Help and Support Web site.
• International customers can receive support from their local MS subsidiaries. For more information about how to contact MS for international support issues, visit the International Support Web site.
• The MS TechNet Security Web site provides additional information about security in MS products.

Disclaimer:

The information provided in this advisory is provided "as is" without warranty of any kind. MS disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall MS Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if MS Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

Revisions:
• December 28, 2005: Advisory published
-------------------------------

Sheriff

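The advisory quoted above gives two mitigations, un-registering Shimgvw.dll and enabling DEP for all programs, but its only verification step is the regsvr32 confirmation dialog. As an added example (not from the advisory, from sheriff2006's post, or from Microsoft), the PowerShell script below checks both mitigations and can apply or undo the Shimgvw.dll workaround. It assumes, as standard in-process COM registration works, that the viewer's classes appear under HKCR\CLSID with an InprocServer32 default value naming shimgvw.dll, and that Win32_OperatingSystem reports the DEP policy as the values 0 to 3 listed in the comments. The script name Check-WmfMitigations.ps1 is a placeholder.

```powershell
<#
  Added example, not part of the advisory or the thread. Checks the state of the
  two mitigations the advisory names (the Shimgvw.dll un-registration workaround
  and system-wide DEP) and can apply or undo the workaround. Run as an administrator.
  Assumptions: the viewer's COM classes are registered under HKCR\CLSID with an
  InprocServer32 default value pointing at shimgvw.dll (standard in-process COM
  registration), and Win32_OperatingSystem exposes the DEP policy values 0-3.
#>
param(
    [ValidateSet('Check', 'Apply', 'Undo')]
    [string]$Action = 'Check'
)

$dll = Join-Path $env:windir 'system32\shimgvw.dll'

function Get-ShimgvwClsid {
    # Return every CLSID whose in-process server is shimgvw.dll. An empty list
    # means the DLL is un-registered, so the viewer is no longer started for images.
    Get-ChildItem 'Registry::HKEY_CLASSES_ROOT\CLSID' -ErrorAction SilentlyContinue |
        ForEach-Object {
            $server = (Get-ItemProperty -Path "$($_.PSPath)\InprocServer32" -ErrorAction SilentlyContinue).'(default)'
            if ($server -and $server -match 'shimgvw\.dll$') { $_.PSChildName }
        }
}

function Get-DepPolicy {
    # DataExecutionPrevention_SupportPolicy: 0 = AlwaysOff, 1 = AlwaysOn,
    # 2 = OptIn (core OS components only), 3 = OptOut (all programs, which is
    # the "Enable DEP for all programs" setting the advisory refers to).
    $os = Get-WmiObject -Class Win32_OperatingSystem
    $names = @{ 0 = 'AlwaysOff'; 1 = 'AlwaysOn'; 2 = 'OptIn'; 3 = 'OptOut' }
    [pscustomobject]@{
        Available = $os.DataExecutionPrevention_Available
        Policy    = $names[[int]$os.DataExecutionPrevention_SupportPolicy]
    }
}

function Invoke-Regsvr32 {
    # Silent (/s) regsvr32 call; exit code 0 means DllRegisterServer or
    # DllUnregisterServer succeeded, anything else is a failure.
    param([switch]$Unregister)
    $argList = @('/s')
    if ($Unregister) { $argList += '/u' }
    $argList += "`"$dll`""
    $p = Start-Process -FilePath "$env:windir\system32\regsvr32.exe" -ArgumentList $argList -Wait -PassThru -NoNewWindow
    return $p.ExitCode
}

switch ($Action) {
    'Apply' {
        $rc = Invoke-Regsvr32 -Unregister
        if ($rc -ne 0) { Write-Error "regsvr32 /u failed with exit code $rc"; return }
    }
    'Undo' {
        $rc = Invoke-Regsvr32
        if ($rc -ne 0) { Write-Error "regsvr32 failed with exit code $rc"; return }
    }
}

# Report the state after any change so the caller sees whether it actually took.
$clsids = @(Get-ShimgvwClsid)
if ($clsids.Count -eq 0) {
    Write-Output 'Shimgvw.dll: NOT registered (workaround in effect)'
} else {
    Write-Output "Shimgvw.dll: registered under $($clsids.Count) CLSID(s): $($clsids -join ', ')"
}
$dep = Get-DepPolicy
Write-Output "DEP: available=$($dep.Available) policy=$($dep.Policy)"
```

Usage from an elevated prompt: `.\Check-WmfMitigations.ps1` reports state, `-Action Apply` un-registers the DLL and re-checks, `-Action Undo` re-registers it. PowerShell did not ship with the systems the advisory lists, so on those the regsvr32 line in the advisory is the direct route; the value of the script is the registry check after the fact, which tells you whether the workaround is still in place on a host rather than relying on the one-time confirmation dialog.
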
ssj4android

  • Archived User
  • Full Member
  • *
  • Posts: 185
MS Vulnerability In Wmf
« Reply #2 on: December 29, 2005, 12:54:00 PM »

I doubt the 360 has the picture and fax viewer dll.
I doubt new XP exploits will help with hacking the 360 much, unless it's a vulnerability in the kernel.

ssj4android

  • Archived User
  • Full Member
  • *
  • Posts: 185
MS Vulnerability In Wmf
« Reply #3 on: December 30, 2005, 05:49:00 PM »

On second thought, has anyone tried viewing these infected wmf files via the 360's photo feature? It might actually work. Or it might just infect the host if it's running XP.

ssj4android

  • Archived User
  • Full Member
  • *
  • Posts: 185
MS Vulnerability In Wmf
« Reply #4 on: January 01, 2006, 12:46:00 PM »

See, now I'm intrigued by this. Has anyone tried creating an exploit file as a jpg, and viewing it with the 360's picture function? You probably want to use linux to host the picture, to not infect yourself.

zerosignal0

  • Archived User
  • Jr. Member
  • *
  • Posts: 51
MS Vulnerability In Wmf
« Reply #5 on: January 01, 2006, 01:01:00 PM »

umm that's not going to work... you're talking about the .jpg vulnerability there, no way... Unfortunately all of those files that you would exploit aren't on the box... so how are you planning on having these work? I'm not trying to rain on your parade but I see no way to execute an exploit if you don't have the files to exploit