Wednesday, January 4, 2006

WMF - Six Days Til Checkered Flag

Information comes in as fast as Le Mans racers sometimes. Here is an update.

1) A pre-release "official" Microsoft patch was leaked from Redmond, it would seem. People have tested it and it has caused many problems (BSODs, etc.). So even if it is an "official" leak, it will break stuff. Don't mess with it.

2) The "patch" by Ilfak Guilfanov has been endorsed by many big groups (F-Secure, SANS, etc.), but it isn't perfect. It would appear that some printing problems can occur. The GDI32.dll file is commonly used in PostScript printing, it would seem.

Administrators should NEVER push patches to large groups of computers without extensive and proper testing. This goes for ANY program (fix, patch, new program, update, upgrade, workaround, whatever), home-grown or official.

3) Take everything with a grain of Sodium Chloride (NaCl). The general media is great at taking any story and hyping it up. The WMF threat is real and it is dangerous, but it isn't an RPC buffer overflow. Remember Blaster & Sasser.

A freshly installed, up-to-date computer cannot get infected without some form of user interaction. True, this interaction is small and likely to happen if you plan on using your shiny new computer. =) Remember the ILOVEYOU & Melissa viruses.

In defense of the media, however, most hype does start from inside the computer community itself. Professionals who spend all day looking in the dark corners of the world for bad guys will always see a threat like this as serious. The exploit code is everywhere, people do whatever they want with it and post it everywhere, and it is serious for corporate security professionals. They get paid to protect corporate assets and every threat must be battled. This fight isn't as direct in the home user world.

Sometimes hype is playing it safe; sometimes hype is good for selling products. Whatever you call it, hype brings security issues to the front page, which is something that is needed.

4) IMHO, home users are in much more danger than big corporate users. Most large companies have multiple defense systems and can reduce the WMF threat greatly without applying the suggested workarounds. Home users, on the other hand, tend to be less informed and tend to already have a lot of "bad" stuff on their computers. Home users always want free e-mail smiley faces and free wallpapers and all the programs that would cause a security issue for large companies.

So in the end, practice safe hex, be prepared to battle any infection beyond the WMF one, and wait for Microsoft to release their patch on Tuesday.

Network and security professionals may want the extra protection of applying Ilfak's patch. Go ahead and use it. All my home computers have it, and so does my work laptop, but with multiple defense layers in place here at the office, I don't see a huge need to push it out like it's MS03-039.
