About | Buy Stuff | News | Products | Rants | Search | Security | Twitter
Home » Resources » Rants

MS ActiveArmageddon®

Year of December 31, 2005

An expected Happy New Year greeting from Microsoft.


'WMF - Windows Major Foul-up', write eWeek. It's about yet another Windows vulnerability.

If you want to see how bad this is, just surf to Google News and type in 'WMF'. There are several hundred articles available already.

It has something to do with something called 'WMF'.

What is WMF?

WMF is 'Windows Metafile'. It's a cached set of GDI instructions. 'GDI' is the 'graphical device interface' in Windows. For all you Windows droolers, it's the thing that puts funky boxes and icons (and windows) on your screen. (The screen is the thing in front of your keyboard that looks like a television.)

The instructions are straightforward GDI instructions exactly as they would be sent to the GDI layer for processing in realtime, only now they're 'recorded' so they can be 'played back'.

Come the end of 2005 with all the other atrocities we've witnessed, and what more fitting than to end this extremely disastrous and disappointing year by putting our perennial Redmond morons back in the spotlight.

For Microsoft's WMF technology has a fatal flaw. And it's not a buffer overrun - it's a typically stupid Microsoft design flaw. WMFs can register 'callbacks' so control flow goes to a designated address. And guess where the hackers will have their WMFs call back to?

It's so easy to do that even the script kiddies are doing it.

  • Create a metafile.
  • Tack some 'shell code' on the end of it.
  • Register this code in the metafile so Windows calls it.
  • Embed the metafile somewhere and fill out a bank deposit slip.

Hackers (read criminal gangs that are going to fleece your bank accounts Aunt Eunice) can craft special WMF files that will corrupt your computer, most likely through Internet Explorer or Outlook.

And since Microsoft don't have any security - there's nothing at all protecting you - then as soon as the bad code gets in, your bank accounts (and other things) go out.

But almost no one uses metafiles anymore (except Microsoft to put those ugly icons on your desktop but you didn't know that did you) so why the worry?

Because they can be embedded almost anywhere and your Microsoft Windows with 'advanced security technologies' [sic] will pick them up - and sell you into slavery 'just like that'.

And by anywhere is truly meant 'A-N-Y-W-H-E-R-E'. [Anywhere.]

If you're running Windows (you slobbering pathetic FOOL) then the odds are still great that you are running Internet Explorer and Outlook. Despite the gains of Firefox, Internet Explorer, condemned YEARS AGO by the United States Department of Homeland Security as a THREAT TO THE UNITED FUCKING STATES, is still the dominant web browser. (And the reason for this is that YOU are a SLOBBERING PATHETIC FOOL.)

WMFs can be embedded in:

  • Web pages. This is the most obvious. Surf to the wrong site and you're done.
  • Chat room logs. Someone can post a WMF and corrupt everyone else.
  • Blogs. Just spam all the blogs you can find. Anyone visiting is toast.
  • Electronic mail. As in groovy messages from friends. As in SPAM.

And these are only the starters.

And you don't have to actually SEE anything to make it happen: remember the web bugs? Those tiny itsy bitsy 1 x 1 pixel images that phoned home on you? Think the same here. One pixel by one pixel. Most likely transparent or white. You won't see it. It will be there and it will take over your computer and your miserable life and you won't even know it.

[Considering how numb you've been all along to all the alerts people have been sending you, maybe you're just lobotomised and don't know it?]

At any rate, at this point in time the 'knowledgeable' start sending out letters to friends and family. 'Time to beef up your security, grandma!' the letters will read.

So get this straight and get this clear:

THERE IS NO DEFENCE.

Either get off Windows or get off the net.


Aladdin Tackles WMF Vulnerability
<http://www.webhosting.info/news/1/aladdin-tackles-wmf-vulnerability_1230051311.htm>

Protection from critical WMF vulnerability
<http://blogs.zdnet.com/Ou/?p=142>

Lots of bad advice for critical WMF vulnerability!
<http://blogs.zdnet.com/Ou/?p=143>

Setting the record straight on the WMF vulnerability
<http://blogs.zdnet.com/BTL/?p=2315>

Workaround, Protections Emerge for WMF Exploit
<http://www.publish.com/article2/0,1895,1906754,00.asp>

Extremely Critical Windows Security Hole
<http://blogs.pcworld.com/staffblog/archives/001149.html>

Windows 0-Day Exploit Helped by Open Source?
<http://www.internetnews.com/security/article.php/3574291>

Trojan alert over unpatched Windows flaw
<http://www.techspot.com/news/19944-trojan-alert-over-unpatched-windows-flaw.html>

Exploiting the Windows XP/2003 Picture and Fax Viewer Metafile Overflow Vulnerability
<http://www.onlamp.com/pub/wlg/8879>

New Trojan Program Labeled 'Critical'
<http://www.allheadlinenews.com/articles/7001673252>

Trojan Delivers Malware to Windows PCs
<http://www.hardwarezone.com/news/view.php?id=3413&cid=8>

Windows WMF 0-day exploit in the wild
<http://www.techspot.com/news/19936-windows-wmf-0day-exploit-in-the-wild.html>

Update on WMF exploit
<http://blogs.zdnet.com/Spyware/?p=735>

Security Breach Hits Windows
<http://www.redherring.com/Article.aspx?a=15102>

How To Beat Back The New Zero-Day Windows Bug
<http://www.informationweek.com/news/showArticle.jhtml?articleID=175701231>

Another WMF (Windows Major Foul-Up)
<http://www.eweek.com/article2/0,1895,1906513,00.asp>

Microsoft Promises To Patch Worsening Zero-Day Flaw
<http://www.informationweek.com/news/showArticle.jhtml?articleID=175701152>

Hackers target zero day Windows vulnerability
<http://www.vnunet.com/vnunet/news/2147909/hackers-attack-zero-day-windows>

Trojan alert over unpatched Windows flaw
<http://www.theregister.co.uk/2005/12/29/wmf_trojan_alert/>

Hackers exploit Windows flaw
<http://www.techworld.com/security/news/?NewsID=5066>

Sites exploit Windows image flaw
<http://news.bbc.co.uk/1/hi/technology/4566504.stm>

Windows Metafile Flaw Exploited
<http://www.techtree.com/techtree/jsp/article.jsp?article_id=70083&cat_id=582>

New zero day exploit seen in the wild
<http://blogs.zdnet.com/Spyware/index.php?p=734>

Trojan delivers unwanted gift to Windows PCs
<http://news.com.com/2100-7349_3-6011406.html>

Attackers Exploit New Zero-Day Windows Bug
<http://www.informationweek.com/news/showArticle.jhtml?articleID=175700809>

Critical Impact: Windows Metafile Flaw a 'Zero-Day Exploit'
<http://www.eweek.com/article2/0,1895,1906177,00.asp>

Windows File Format in 'extremely critical flaw'
<http://www.idm.net.au/story.asp?id=6902>

Be Careful - Critical Windows WMF File Security Flaw In the Wild
<http://www.realtechnews.com/posts/2390>

'Extremely critical' .wmf exploit tags Windows XP systems
<http://www.earthtimes.org/articles/show/4833.html>

Hackers Attack Zero Day Windows Vulnerability
<http://www.technewsworld.com/story/48046.html>

Windows image flaw now 'extremely critical'
<http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1154914,00.html>

Critical Exploit found in most browsers, even fully patched windows systems
<http://www.politicalgateway.com/news/read.html?id=5722>

Trojan Exploit - WMF Attack
<http://www.efytimes.com/fullnews.asp?edid=9006>

Exp/WMF-A
<http://www.sophos.com/virusinfo/analyses/expwmfa.html>

TROJ_WMFCRASH.A
<http://de.trendmicro-europe.com/consumer/vinfo/encyclopedia.php?VName=TROJ_WMFCRASH.A>

Analysts Fret as Adware Makers Leverage WMF Flaw
<http://www.eweek.com/article2/0,1895,1906915,00.asp>

'Really Bad' Exploit Threatens Windows
<http://www.betanews.com/article/Really_Bad_Exploit_Threatens_Windows/1135794414>

MS Confirms WMF Flaw, Variants Spread
<http://www.betanews.com/article/MS_Confirms_WMF_Flaw_Variants_Spread/1135888538>

Footnote: The Undead

The GDI is the one part of 32-bit Windows not initially designed and constructed by David Cutler and his team from Digital Equipment Corporation. It is the one part of Windows not written in C but in C++. David Cutler's team didn't even understand Microsoft wanted a 'GUI' until it was too late - and then Microsoft assigned a group known as 'The Undead' to it.

The Undead were so called because they were always contributing to projects that failed and everyone figured they'd be phased out or fired, but somehow this never happened.

The head of The Undead was a notorious addicted gambler. It's a matter of record that a great part of the shakiness in Windows NT and its successors is due to this individual obsessing with coming up with a system to break the bank in Atlantic City and devoting most of his working time to this goal - and not to the code of the GDI.

It is also a matter of record that a computer scientist worth a pinch of salt is also good at mathematics and that anyone good at mathematics knows there are no systems to break any bank. It is therefore a fair conclusion that the head of The Undead was a blithering idiot.

And finally it is a matter of record that this individual chose to 'gamble' on a 'new language' called C++ to complete his project - and in fact was able to garner enthusiasm for this choice from then CEO Bill Gates himself.

In fact, Gates thought it was such a great idea that he went to Dave Cutler on three separate occasions to try to convince the DEC team to rip up their Windows NT code and start from scratch with C++.

What Cutler told Gates is also a matter of record.

About | Buy Stuff | News | Products | Rants | Search | Security
Copyright © Radsoft. All rights reserved.