ZD Net Australia: Wait for Windows patch boosts attack chance

By Joris Evers, Special to ZDNet
04 January 2006 12:21 PM

A serious flaw in Windows is generating a rising number of cyberattacks, but Microsoft says it won't deliver a fix until next week.
That could be too late, security experts said. The vulnerability, which lies in the way the operating system renders Windows Meta File images, could infect a PC if the victim simply visits a Web site that contains a malicious image file. Consumers and businesses face a serious risk until it's fixed, experts said.

"This vulnerability is rising in popularity among hackers, and it is simple to exploit," said Sam Curry, a vice president at security vendor Computer Associates International. "This has to be taken very seriously, and time is of the essence. A patch coming out as soon as possible is what the responsible thing to do."

Microsoft has come under fire in the past for the way it releases security patches. The company has responded in the past by instituting a monthly patching program, so system administrators could plan for the updates. Critics contend that in high-urgency cases such as the WMF flaw, Microsoft should release a fix outside of its monthly schedule.

For more info:

http://www.zdnet.com.au/news/security/soa/Wait_for_Windows_patch_boosts_attack_chance/0,2000061744,39231152,00.htm

2006? The fixes suggested from others via the DU have been useless, at least to us.

What has your experience been? Trigger date looks like later this week... Jan. 5/6...

Windows flaw spawns dozens of attacks
By Dawn Kawamoto, Special to ZDNet
04 January 2006 09:18 AM

A flaw in Microsoft's Windows Meta File has spawned dozens of attacks since its discovery last week, security experts warned Tuesday in the United States.
The attacks so far have been wide-ranging, the experts said, citing everything from an MSN Messenger worm to spam that attempts to lure people to click on malicious Web sites.

The vulnerability can be easily exploited in Windows XP with Service Pack 1 and 2, as well as Windows Server 2003, security experts said. Older versions of the operating system, including Windows 2000 and Windows ME, are also at risk, though in those cases the flaw is more difficult to exploit, said Mikko Hypponen, chief research officer at F-Secure.

"Right now, the situation is bad, but it could be much worse. The potential for problems is bigger than we have ever seen," Hypponen said. "We estimate 99 percent of computers worldwide are vulnerable to this attack."

More from: http://www.zdnet.com.au/news/security/soa/Windows_flaw_spawns_dozens_of_attacks/0,2000061744,39231147,00.htm

You might assume that someone in Oregon isn't able to get the Australian information (especially when it's dated TOMORROW!), but http://news.google.com gets it for me. Pretty interesting and useful tool for researchers.

since you asked about stateside. Lets hope MS hurries up with a patch.

My ancient Mac with it's ancient software never, ever, ever has a virus problem. Gee, I wonder why?

Flame on........if you still can.

from my 81-year-old aunt, who became a Mac user because she is a teacher, and Apple concentrated on educational institutions (and still does) for their distribution.

My husband has been a software engineer for years, now retired. He has worked on PCs since the 1980s. PCs were all available at our jobs through the years we were in the business world. That's what we know. He keeps the two personal computers running in our house, with all kinds of updated "bells and whistles" -- at age 71, he's a whiz with them, actually.

I'll give you the reason he gave me to my question years ago, "Why don't we use Macs?" The answer consistently was, "There are more programs and technological advances available on the IBM compatible PCs. Macintosh is a distant competitor. Virus programmers get a bigger kick out of messing with PC programs and browsers than they do the ones made for Macintosh computers." Interestingly enough, I visited my granddaughter's elementary school a couple of months ago. In their computer lab, they are using iMacs -- and they work very well!

We're committed to PCs. We have had some minor virus attacks in the past. We've always endured, so this will pass, too.

I wish you happiness with your ancient Mac and ancient software.

In peace,

Radio_Lady

Microsoft says patch will be ready in a week
Windows fix created but it must be tested

By ALLISON LINN
Associated Press

SEATTLE - Microsoft Corp. says it will be at least a week before it issues a fix to a recently discovered vulnerability that could let an attacker take control of an Internet-connected computer.

Microsoft said Tuesday it has created a patch for the flaw in its Windows operating system but needs to test it first. The software giant said it hopes to release the patch as part of its regular monthly security updates next Tuesday.

The Redmond, Wash., company confirmed late last week that some people were trying to take advantage of a flaw in an element of Windows that is used to view images. If a user is tricked into viewing an image, such as on a malicious Web site or within an e-mail attachment, that person's computer could be attacked.

Microsoft said its research indicates the attacks are not widespread. The fact that the vulnerability requires a person to take action — such as opening an e-mail from a stranger — could mitigate the potential damage.
(snip/...)

http://www.chron.com/disp/story.mpl/tech/news/3563470.html
(Free registration required)