The end of 2005 went out with a bang with regard to Windows security vulnerabilities with the Windows Meta File...
(WMF) vulnerability and the Sober worm attack prediction, slated to start January 5. The WMF vulnerability has caused some issues over the last week, including concerns about intruders gaining access to a computer with the same privileges the user had who was working while the computer became infected.
Proving perception a reality?
The end of 2005 went out with a bang with regard to Windows security vulnerabilities with the Windows Meta File (WMF) vulnerability and the Sober worm attack prediction, slated to start January 5. The WMF vulnerability has caused some issues over the last week, including concerns about intruders gaining access to a computer with the same privileges the user had who was working while the computer became infected.
The vulnerability can enter your computer from a variety of different methods -- from clicking on a graphic, selecting a URL and running an infected program, to accepting an invitation through e-mail. According to all sources, every version of Microsoft Windows is at risk, even those that have the latest service packs.
What you can do
Currently, Microsoft is still working on the final patch for this vulnerability, so until that is released, your company is susceptible. There are some suggestions to consider until the final patch is released, including the unregistration of the DLL that is affected, installing patches that remove functionality exploited by the bug and deleting media applications (or at least not using them). Additional steps you can take to help protect computers include the following:
- Restrict access to only required Web sites using your firewall, meaning that the firewall can be set to only allow access to certain Web sites (those sites should be configured for only those that are mission critical to the business).
- Restrict Internet access, especially HTTP, to only users that require it for legitimate business uses.
- Use Group Policy to limit access to software that can run media files.
- Educate users again on how to use e-mail, Internet browsers, Instant Messenger and so on. Remind them that opening unknown attachments or links is prohibited.
Microsoft is working as fast as possible to get a patch out for this vulnerability. End users, however, must take precautions before the patch is released. To be honest, the actions listed above should be implemented everyday, on every computer. Without the user protecting the computer, the attackers and virus producers will always have an upper hand.
Derek Melber, MCSE, MVP and CISM, is the director of compliance solutions for DesktopStandard Corp. He has written the only books on auditing Windows security available at The Institute of Internal Auditors' bookstore, and he also wrote the Group Policy Guide for Microsoft Press -- the only book Microsoft has written on Group Policy. You can contact Melber at email@example.com.