خلل أمني في جميع إصدارات الوندوز

الموضوع في 'قسم المواضيع المهمه' بواسطة المؤشر, بتاريخ ‏1 يناير 2006.

  1. المؤشر

    المؤشر المشرف العام مشرف

    التسجيل:
    ‏30 أغسطس 2001
    المشاركات:
    6,691
    عدد الإعجابات:
    67
    مكان الإقامة:
    الكويت
    الخلل عباره عن تلغيم ملفات WMF حين يتم فتح أنواع معينه من الصور موجوده في بعض المواقع الملغمه أو عن طريق البريد الإلكتروني يتم دخول ملفات التجسس بكافة أنواعها وأشكالها إلى جهاز الكمبيوتر

    حتى هذه اللحظه لم تتمكن شركة المايكروسوفت من إصلاح الخلل بشكل تام ولكن قام أحد المبرمجين من أحد المواقع الأمنيه المشهوره بتوفير ملف يمكنه حل المشكله حل نهائي إلى أن تتمكن شركة المايكروسوفت بإيجاد حل نهائي من عندها

    يرجى من جميع الأعضاء وحرصاً على المعلومات السريه لحساباتهم في البنوك ومع الوسطاء الماليين عبر الإنترنت تنزيل وتركيب الملف من هذا الرابط
    http://www.grc.com/sn/notes-020.htm

    كما يجب تحديث مضادات الفيروسات وعمل مسح لأجهزة الكمبيوتر لإزالة أي ملف تجسس إستطاع الدخول بسبب هذا الخلل الأمني في الوندوز

    الأعضاء الذين لا يمتلكون مضادات فيروس يستطيعون الإستعانه بهذا الموقع لإجراء مسح من خلال الإنترنت
    http://safety.live.com/site/en-US/default.htm
     
  2. wanasa

    wanasa عضو نشط

    التسجيل:
    ‏28 ابريل 2005
    المشاركات:
    1,341
    عدد الإعجابات:
    3
    مكان الإقامة:
    بالبيت وانت ?؟
    الله يعطيك العافيه على هالخبر وجعله الله فى ميزان اعمالك
    اتمنى من الاخوان المتخصصين بالامور هذى شرح البرنامج بالعربى
    بالنسبة لحالات Temporary اوDiscovered & Immediately اوeventually
    للافادة العامه ومشكورين مقدما ..
     
  3. بورش

    بورش عضو مميز

    التسجيل:
    ‏25 سبتمبر 2005
    المشاركات:
    3,660
    عدد الإعجابات:
    1
    مكان الإقامة:
    دار بالبورصة
    يعطيك العافية أخوي ومشكور على هالمعلومة واهتمامك بأخوانك الي بالمنتدى .. هذا ان كان يعكس عن شيء فهذا يعكس عن طيب أهل المنتدى وترابطهم كأسرة واحدة

    بس أخوي ممكن الرابط لهذا الخبر من شركة مشهورة؟
    يعني ممكن هالخبر من windows.com
    أو mcafee.com < kaspersky.com
    أخاف انزل الملف من الموقع الي عطيته لي ويطله اهوا الي يسبب مشاكل
    ويعطيك العافية
     
  4. خالد العتيبي

    خالد العتيبي عضو جديد

    التسجيل:
    ‏2 أغسطس 2004
    المشاركات:
    666
    عدد الإعجابات:
    0
    مكان الإقامة:
    الكويت
    مشكوووووووور والله يعطيك العافية على المعلومة ..
    ومرفق نص الخبر المنشور في موقع مايكروسوفت بهذا الشأن ...

    http://www.microsoft.com/technet/security/advisory/912840.mspx

    Microsoft Security Advisory (912840)
    Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution.
    Published: December 28, 2005 | Updated: December 30, 2005

    Microsoft is investigating new public reports of a vulnerability in Windows. Microsoft is also aware of the public release of detailed exploit code that could be used to exploit this vulnerability. Based on our investigation, this exploit code could allow an attacker to execute arbitrary code on the user's system by hosting a specially crafted Windows Metafile (WMF) image on a malicious Web site. Microsoft is aware that this vulnerability is being actively exploited.

    Microsoft has determined that an attacker using this exploit would have no way to force users to visit a malicious Web site. Instead, an attacker would have to persuade them to visit the Web site, typically by getting them to click a link that takes them to the attacker's Web site. In an e-mail based attack, customers would have to be persuaded to click on a link within a malicious e-mail or open an attachment that exploited the vulnerability. In both the web and email based attacks, the code would execute in the security context of the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

    Microsoft will continue to investigate these reports and provide additional guidance depending on customer needs.

    Customers are encouraged to keep their anti-virus software up to date. The Microsoft Windows AntiSpyware (Beta) can also help protect your system from spyware and other potentially unwanted software. Customers can also visit Windows Live Safety Center and are encouraged to use the Complete Scan option to check for and remove malicious software that take advantage of this vulnerability. We will continue to investigate these public reports.

    Upon completion of this investigation, Microsoft will take appropriate action to help protect our customers. This will include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs. If you are a Windows OneCare user and your current status is green, you are already protected from known malware that uses this vulnerability to attempt to attack systems.

    Microsoft’s investigation into this malicious act is ongoing. We are working closely with our anti-virus partners and aiding law enforcement in its investigation.
     
  5. خالد العتيبي

    خالد العتيبي عضو جديد

    التسجيل:
    ‏2 أغسطس 2004
    المشاركات:
    666
    عدد الإعجابات:
    0
    مكان الإقامة:
    الكويت
    بقية الخبر


    Microsoft encourages users to exercise caution when they open e-mail and links in e-mail from untrusted sources. For more information about Safe Browsing, visit the Trustworthy Computing Web site.

    We continue to encourage customers to follow our Protect Your PC guidance of enabling a firewall, applying software updates and installing antivirus software. Customers can learn more about these steps at the Protect Your PC Web site.

    Customers who believe they have been attacked should contact their local FBI office or post their complaint on the Internet Fraud Complaint Center Web site. Customers outside the U.S. should contact the national law enforcement agency in their country.

    Customers who believe they may have been affected by this issue can also contact Product Support Services. You can contact Product Support Services in the United States and Canada at no charge using the PC Safety line (1 866-PCSAFETY). Customers outside of the United States and Canada can locate the number for no-charge virus support by visiting the Microsoft Help and Support Web site.

    Mitigating Factors:

    • In a Web-based attack scenario, an attacker would have to host a Web site that contains a Web page that is used to exploit this vulnerability. An attacker would have no way to force users to visit a malicious Web site. Instead, an attacker would have to persuade them to visit the Web site, typically by getting them to click a link that takes them to the attacker's Web site.

    • In an E-mail based attack of the current exploit, customers would have to be persuaded to click on a link within a malicious e-mail or open an attachment that exploited the vulnerability.

    • An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

    • By default, Internet Explorer on Windows Server 2003, on Windows Server 2003 Service Pack 1, on Windows Server 2003 with Service Pack 1 for Itanium-based Systems, and on Windows Server 2003 x64 Edition runs in a restricted mode that is known as Enhanced Security Configuration This mode mitigates this vulnerability where the e-mail vector is concerned although clicking on a link would still put users at risk. In Windows Server 2003, Microsoft Outlook Express uses plain text for reading and sending messages by default. When replying to an e-mail message that is sent in another format, the response is formatted in plain text. See the FAQ section of this vulnerability for more information about Internet Explorer Enhanced Security Configuration.


    General Information
    Overview

    Purpose of Advisory: To provide customers with initial notification of the publicly disclosed and exploited vulnerability. For more information see the “Suggested Actions” section of the security advisory.

    Advisory Status: Under Investigation

    Recommendation: Review the suggested actions and configure as appropriate.

    References Identification
    CVE Reference
    CVE-2005-4560

    CERT Reference
    VU#181038

    Microsoft Knowledge Base Article
    912840


    This advisory discusses the following software.

    Related Software
    Microsoft Windows 2000 Service Pack 4

    Microsoft Windows XP Service Pack 1

    Microsoft Windows XP Service Pack 2

    Microsoft Windows XP Professional x64 Edition

    Microsoft Windows Server 2003

    Microsoft Windows Server 2003 for Itanium-based Systems

    Microsoft Windows Server 2003 Service Pack 1

    Microsoft Windows Server 2003 with SP1 for Itanium-based Systems

    Microsoft Windows Server 2003 x64 Edition

    Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME)


    Note Microsoft Windows Server 2003 Service Pack 1 and Microsoft Windows Server 2003 x64 Edition also refer to Microsoft Windows Server 2003 R2.

    Top of section
    Frequently Asked Questions

    What is the scope of the advisory?
    Microsoft is aware of a new vulnerability report affecting the Graphics Rendering Engine in Microsoft Windows. This vulnerability affects the software that is listed in the “Overview” section.

    Is this a security vulnerability that requires Microsoft to issue a security update?
    We are currently investigating the issue to determine the appropriate course of action for customers. We will include the fix for this issue in an upcoming security bulletin.

    What causes the vulnerability?
    A vulnerability exists in the way specially crafted Windows Metafile (WMF) images are handled that could allow arbitrary code to be executed.

    What is the Windows Metafile (WMF) image format?
    A Windows Metafile (WMF) image is a 16-bit metafile format that can contain both vector information and bitmap information. It is optimized for the Windows operating system.

    For more information about image types and formats, see Microsoft Knowledge Base Article 320314. Additional information about these file formats is also available at the MSDN Library Web site.

    What might an attacker use the vulnerability to do?
    An attacker who successfully exploited this vulnerability could take complete control of the affected system. In a Web-based attack scenario, an attacker would host a Web site that exploits this vulnerability. An attacker would have no way to force users to visit a malicious Web site. Instead, an attacker would have to persuade them to visit the Web site, typically by getting them to click a link that takes them to the attacker's site. It could also be possible to display specially crafted Web content by using banner advertisements or by using other methods to deliver Web content to affected systems.

    How could an attacker exploit the vulnerability?
    An attacker could host a malicious Web site that is designed to exploit this vulnerability through Internet Explorer and then persuade a user to view the Web site.

    I am reading e-mail in plain text, does this help mitigate the vulnerability?
    Yes. Reading e-mail in plain text does mitigate this vulnerability where the e-mail vector is concerned although clicking on a link would still put users at risk.

    Note In Windows Server 2003, Microsoft Outlook Express uses plain text for reading and sending messages by default. When replying to an e-mail message that is sent in another format, the response is formatted in plain text.

    I have DEP enabled on my system, does this help mitigate the vulnerability?
    Software based DEP does not mitigate the vulnerability. However, Hardware based DEP may work when enabled: please consult with your hardware manufacturer for more information on how to enable this and whether it can provide mitigation.

    Does this vulnerability affect image formats other than Windows Metafile (WMF)?
    At this point, the only image format affected is the Windows Metafile (WMF) format. It is possible however than an attacker could rename the file extension of a WMF file to that of a different image format. In this situation, it is likely that the Graphic Rendering engine would detect and render the file as a WMF image which could allow exploitation.

     
  6. خالد العتيبي

    خالد العتيبي عضو جديد

    التسجيل:
    ‏2 أغسطس 2004
    المشاركات:
    666
    عدد الإعجابات:
    0
    مكان الإقامة:
    الكويت

    Windows Metafile (WMF) images can be embedded in other files such as Word documents. Am I vulnerable to an attack from this vector?
    No. While we are investigating the public postings which seek to utilize specially crafted WMF files through IE, we are looking thoroughly at all instances of WMF handling as part of our investigation. While we're not aware of any attempts to embed specially crafted WMF files in, for example Microsoft Word documents, our advice is to accept files only from trusted source would apply to any such attempts.

    If I block .wmf files by extension, can this protect me against attempts to exploit this vulnerability?
    No. Because the Graphics Rendering Engine determines file type by means other than just looking at the file extensions, it is possible for WMF files with changed extensions to still be rendered in a way that could exploit the vulnerability.

    Does the workaround in this advisory protect me from attempts to exploit this vulnerability through WMF files with changed extensions?
    Yes. Microsoft has tested and can confirm the workaround in this advisory help protect against WMF files with changed extensions.

    It has been reported that malicious files indexed by MSN Desktop Search could lead to exploitation of the vulnerability. Is this true?
    We have received reports and are investigating them thoroughly as part of our ongoing investigation. We are not aware at this time of issues around the MSN Desktop Indexer, but we are continuing to investigate.

    Is this issue related to Microsoft Security Bulletin MS05-053 - Vulnerabilities in Graphics Rendering Engine Could Allow Code Execution (896424) which was released in November?
    No, these are different and separate issues.

    Are there any third party Intrusion Detection Systems (IDS) that would help protect against attempts to exploit this vulnerability?
    While we don't know of specific products or services that currently scan or detect for attempts to render specially crafted WMF files, we are working with our partners through industry programs like VIA to provide information as we have it. Customers should contact their IDS provider to determine if it offers protection from this vulnerability.

    Will my anti-virus software protect me from exploitation of this vulnerability?
    As of the latest update to this advisory the following members of the Virus Information Alliance have indicated that their anti-virus software provides protection from exploitation of Windows Metafile (WMF) files using the vulnerability discussed in this advisory.

    • Symantec

    • Computer Associates

    • McAfee

    • F-Secure Corporation

    • Panda Software International

    • Eset Software


    In addition Microsoft is providing heuristic protection against exploitation of this vulnerability through Windows Metafile (WMF) files in our new Windows OneCare Live Beta.

    As currently known attacks can change, the level of protection offered by anti-virus vendors at any time may vary. Customers are advised to contact their preferred anti-virus vendor with any questions they may have or to confirm additional information regarding their vendor’s method of protection against exploitation of this vulnerability.

    When this security advisory was issued, had Microsoft received any reports that this vulnerability was being exploited?
    Yes. When the security advisory was released, Microsoft had received information that this vulnerability was being actively exploited.

    Top of section
    Suggested Actions

    • Un-register the Windows Picture and Fax Viewer (Shimgvw.dll) on Windows XP Service Pack 1; Windows XP Service Pack 2; Windows Server 2003 and Windows Server 2003 Service Pack 1

    Microsoft has tested the following workaround. While this workaround will not correct the underlying vulnerability, it helps block known attack vectors. When a workaround reduces functionality, it is identified in the following section.

    Note The following steps require Administrative privileges. It is recommended that the machine be restarted after applying this workaround. It is also possible to log out and log back in after applying the workaround. However, the recommendation is to restart the machine.

    To un-register Shimgvw.dll, follow these steps:

    1.
    Click Start, click Run, type "regsvr32 -u %windir%\system32\shimgvw.dll" (without the quotation marks), and then click OK.

    2.
    A dialog box appears to confirm that the un-registration process has succeeded. Click OK to close the dialog box.


    Impact of Workaround: The Windows Picture and Fax Viewer will no longer be started when users click on a link to an image type that is associated with the Windows Picture and Fax Viewer.

    To undo this change, re-register Shimgvw.dll by following the above steps. Replace the text in Step 1 with “regsvr32 %windir%\system32\shimgvw.dll” (without the quotation marks).

    • Microsoft encourages users to exercise caution when they open e-mail and links in e-mail from untrusted sources. For more information about Safe Browsing, visit the Trustworthy Computing Web site.

    • Customers in the U.S. and Canada who believe they may have been affected by this possible vulnerability can receive technical support from Microsoft Product Support Services at 1-866-PCSAFETY. There is no charge for support that is associated with security update issues or viruses." International customers can receive support by using any of the methods that are listed at Security Help and Support for Home Users Web site.

    • All customers should apply the most recent security updates released by Microsoft to help ensure that their systems are protected from attempted exploitation. Customers who have enabled Automatic Updates will automatically receive all Windows updates. For more information about security updates, visit the Microsoft Security Web site.

    • Protect Your PC

    We continue to encourage customers follow our Protect Your PC guidance of enabling a firewall, getting software updates and installing ant-virus software. Customers can learn more about these steps by visiting Protect Your PC Web site.

    • For more information about staying safe on the Internet, customers can visit the Microsoft Security Home Page.

    • Keep Windows Updated

    All Windows users should apply the latest Microsoft security updates to help make sure that their computers are as protected as possible. If you are not sure whether your software is up to date, visit the Microsoft Update Web site, scan your computer for available updates, and install any high-priority updates that are offered to you. If you have Automatic Updates enabled, the updates are delivered to you when they are released, but you have to make sure you install them.


    Top of section
    Resources:

    • You can provide feedback by completing the form by visiting the following Web site.

    • Customers in the U.S. and Canada can receive technical support from Microsoft Product Support Services. For more information about available support options, see the Microsoft Help and Support Web site.

    • International customers can receive support from their local Microsoft subsidiaries. For more information about how to contact Microsoft for international support issues, visit the International Support Web site.

    • The Microsoft TechNet Security Web site provides additional information about security in Microsoft products.


    Disclaimer:

    The information provided in this advisory is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

    Revisions:

    • December 28, 2005: Advisory published

    • December 29, 2005: Advisory updated. FAQ section updated.

    • December 30, 2005: Advisory updated. FAQ section updated.
     
  7. خالد العتيبي

    خالد العتيبي عضو جديد

    التسجيل:
    ‏2 أغسطس 2004
    المشاركات:
    666
    عدد الإعجابات:
    0
    مكان الإقامة:
    الكويت
    والحل المؤقت حتى تخرج مايكرسوفت بالتحديث اللازم مستقبلا هو
    بكتابة هذا الأمر في خانة Run
    كود:
    regsvr32 -u %windir%\system32\shimgvw.dll

    يمكن نسخ الأمر اعلاه(CTRL+C) ولصقه(CTRL+V) في مربع run ومن ثم الضغط على enter
     
  8. بوراشد جروب

    بوراشد جروب عضو مميز

    التسجيل:
    ‏22 يوليو 2005
    المشاركات:
    4,910
    عدد الإعجابات:
    311
    مكان الإقامة:
    صانع سوق ... لمشاركات المنتدى .. :)
    جزاكم الله خير

    بارك الله فيكم يا جماعة ........ عساكم على القوه....:)
     
  9. خالد العتيبي

    خالد العتيبي عضو جديد

    التسجيل:
    ‏2 أغسطس 2004
    المشاركات:
    666
    عدد الإعجابات:
    0
    مكان الإقامة:
    الكويت
  10. روبية

    روبية عضو جديد

    التسجيل:
    ‏5 فبراير 2006
    المشاركات:
    182
    عدد الإعجابات:
    0
    صج ماكو على ( ماك ) لافيروسات ولا مشاكل .. ذبحنا الويندوز ماله حل:confused: