Windows Secrets



News Update
 
 

INTRODUCTION

Please check your preferences

The new year is a good time to update your contacts. That includes making sure your personal info is set the way you want it for the Windows Secrets Newsletter.

Please visit your preferences page and fill in any missing or incorrect lines now.

I'm very excited about 2006, because I can finally carry out a dream of mine: adding locally relevant info to your newsletter. Three years ago, when this newsletter began, there were no Google Maps, "mash-ups," or many of the other location-specific services that are emerging daily.

I can't yet say what kinds of local info are being added to the newsletter. But I can say that they'll respond to your ZIP code (in the U.S.) or postal code (in other countries).

In 2003, when I started the newsletter, I asked you to enter your telephone area code when you subscribed. Every part of the world has an area code or country code, and I thought new Web services would soon accept this data. But it turns out that today's location-specific servers weren't designed to accept area codes. Instead, they use postal codes. Silly me.

Without any reminders, the majority of my readers have willingly entered an area code. Now I need you to visit your preferences page for a moment and enter your postal code instead.

Imagine that you could instantly find out who in your city has a computer component or technical book that you need to pick up right away. Or imagine you could meet people in your local area with precisely the technical expertise you're looking for. These are the kinds of services that mapping mash-ups are increasingly making possible online.
 


Brian Livingston Windows Secrets News Update
Issue 66a — 2006.01.04

Editor: Brian Livingston

Contents

INTRODUCTION
Please check your preferences
Make sure you get the mail you want
Help search engines find us
Next regular issue will be Jan. 12

TOP STORY
Windows metafile hole requires unofficial patch

ABOUT YOUR SUBSCRIPTION
Your preferences, etc.


Circulation: over 145,000


 
 
As always, our "ironclad privacy guarantee" ensures that we will never sell, rent, or give away to any outside party any of your personal information, ever. Once we've developed dynamic applications later this year that are responsive to your postal code, you'll have a variety of ways to tap in, as privately or as publicly as you'd like.

To get this all started, simply check your preferences page for a moment now. Thanks for your help. —Brian Livingston, Editor

Make sure you get the mail you want

You may be losing valuable e-mail messages — including publications you've subscribed to, such as the Windows Secrets Newsletter.

If you use a corporate mail server or an Internet service provider, your e-mail may be "filtered" and messages may be disappearing without any warning to you.

To prevent this from interfering with your receipt of the newsletter, enter our "From" address, shown below, into your e-mail program's Address Book and any "safe senders" list it uses:

From address

If your e-mail program doesn't have a way for you to put your friends onto a "safe senders" list, get a different program. You may be missing important messages without ever knowing it.

Help search engines find us

If you run your own Web site, or you contribute content to a Web site, please include a link to us. This helps us get search engines to notice the Windows Secrets home page.

Simply create a link to WindowsSecrets.com using words such as Windows XP update tips as the clickable text, like this: Windows XP update tips.

If you don't know anything about HTML, you can still insert a helpful link by pasting into a Web page the following code:

<p><a href="http://WindowsSecrets.com">Windows XP update tips</a></p>

By helping search engines find Windows Secrets, we can help more Windows users find the information we provide. Thanks.

Next regular issue will be Jan. 12

Today's e-mail message is a short news update. Our next regular issue will be published according to our usual twice-a-month schedule on Jan. 12. That's two days after Microsoft Patch Tuesday, when new Windows patches are usually released.

News updates don't include our usual columnists, our Wacky Web Week feature, or other sections. A news update also has no free version and no paid version; it's all the same message.


 
 
TOP STORY

Windows metafile hole requires unofficial patch

By Brian Livingston

A weakness in the way Windows renders images is being exploited on the Internet and affects any browser you may be using, not just Internet Explorer.

Microsoft has no patch for the problem at this writing. An official patch may appear at any time, or it may take days or weeks. I recommend that you immediately run a small, unofficial patch that was developed by white-hat security researchers to make your PCs immune to the problem.

Not just .wmf files are suspect

I don't ordinarily publish a news update for every new Windows security threat that appears. Instead, I urge my readers to install one piece of hardware and two pieces of software that I call the Security Baseline (see my Dec. 15, 2005, description). You then configure Windows and your security programs so they automatically download all critical updates.

That way, you're protected against most exploits — and you can safely enjoy personal computing instead of constantly tweaking your PC to defend against real or imagined threats.

The new "WMF Metafile" vulnerability is different:

It can infect your PC if you merely view an image formatted as a Windows metafile on a Web page, in an e-mail attachment, or on your hard disk.

Every browser is vulnerable — IE, Firefox, Opera, and others — because the image is not being rendered by the browser. It's rendered by Windows' own Picture and Fax Viewer (Shimgvw.dll, also known as the Shell Image View Control). New versions of Firefox do display an alert when a suspicious image is encountered on a Web page. But since viewing an image is usually harmless, most users will click OK, exposing themselves to infection.

If your PC catches an infected metafile — perhaps through instant messaging or file-sharing software — the payload can run even if you don't consciously open or view the image. Google Desktop Search, for example, causes the payload to be executed when the metadata of the image is accessed. If the image is an icon, merely displaying a file directory in certain views of Windows Explorer can silently execute a Trojan.

New-year white hats to the rescue

When exploit code was discovered on Dec. 31, security researchers worked furiously over the New Year's Eve holiday to find a defense against the WMF Metafile threat. Fortunately, a small patch has become available until Microsoft releases its own fix. In my opinion, you're far better off to install the unofficial patch than to wait to see what Microsoft will come up with.

What NOT to do: I've seen advice on the Internet suggesting that network administrators should "block .wmf files at the border." That's pointless, because an infected file can bear any image-file extension. It could even be embedded in a Word document or any other kind of file. The Windows viewer will dutifully execute the instructions in the metafile anyway.
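The point about extensions can be shown with a content-based check. The following is an added example, not part of the original newsletter: it identifies a Windows metafile from its header bytes rather than its name. The function names and sample byte strings are constructed for illustration; the check only reports that a file is a metafile (not whether it is hostile) and does not look inside container files such as Word documents.

```python
import struct

PLACEABLE_KEY = 0x9AC6CDD7  # magic number of the optional 22-byte "placeable" prefix

def _standard_header_ok(buf: bytes) -> bool:
    """True if buf starts with a plausible 18-byte standard WMF header."""
    if len(buf) < 18:
        return False
    mtype, header_words, version = struct.unpack_from("<HHH", buf, 0)
    # Type 1 (memory) or 2 (disk), header length of 9 words, version 1.0 or 3.0.
    return mtype in (1, 2) and header_words == 9 and version in (0x0100, 0x0300)

def looks_like_wmf(data: bytes) -> bool:
    """Identify a metafile from its leading bytes, ignoring the file name."""
    if len(data) >= 4 and struct.unpack_from("<I", data, 0)[0] == PLACEABLE_KEY:
        # The prefix checksum is deliberately not verified, so a file with a
        # wrong checksum is still reported as a metafile.
        return _standard_header_ok(data[22:])
    return _standard_header_ok(data)

def triage(filename: str, data: bytes) -> str:
    """Classify a file by content and note when the extension disagrees."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if not looks_like_wmf(data):
        return "not-wmf"
    return "wmf" if ext == "wmf" else "wmf-with-misleading-extension"

# Constructed samples (harmless): a standard header followed by an end-of-file
# record, the same with a placeable prefix, and the start of a JPEG file.
_STD = struct.pack("<HHHIHIH", 1, 9, 0x0300, 12, 0, 3, 0) + struct.pack("<IH", 3, 0)
_PREFIX = struct.pack("<IHhhhhHI", PLACEABLE_KEY, 0, 0, 0, 100, 100, 1440, 0)
_CHECKSUM = 0
for _word in struct.unpack("<10H", _PREFIX):
    _CHECKSUM ^= _word
SAMPLE_WMF = _STD
SAMPLE_PLACEABLE = _PREFIX + struct.pack("<H", _CHECKSUM) + _STD
SAMPLE_JPEG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 16

if __name__ == "__main__":
    for name, blob in [("holiday.jpg", SAMPLE_WMF),
                       ("chart.wmf", SAMPLE_PLACEABLE),
                       ("photo.jpg", SAMPLE_JPEG)]:
        print(f"{name}: {triage(name, blob)}")
```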

What to do: First, read the FAQ on the problem at the Internet Storm Center, story I.D. 994. (For exhaustive details, see the ISC's link overview.)

Then, download the latest version of the patch developed by researcher Ilfak Guilfanov. This download is linked to from the FAQ. The experts at the ISC, a division of the SANS Institute, say they've examined and tested the patch and found it to be safe and effective. That's as good a testimonial as we can expect for any software.

You can also deregister Shimgvw.dll. This prevents the Windows Picture and Fax Viewer from starting, avoiding the problem. The DLL, however, can be re-registered by a Trojan, so this affords only limited security.

Microsoft provides details on how to deregister Shimgvw.dll in a security advisory released on Dec. 28. This document also describes DEP (Data Execution Prevention), which prevents certain software exploits when using Windows XP SP2 and hardware exploits when using 64-bit XP on certain 64-bit hardware. For more information, see security advisory 912840.

Installing the Guilfanov patch, deregistering the DLL, and enabling DEP are all steps that can be easily reversed, if necessary. The unofficial patch and the deregistration should be undone before installing Microsoft's own patch, whenever it may become available. We'll have more details in the next regular Windows Secrets Newsletter on Jan. 12.

To send us more information about the WMF Metafile bug, or to send us a tip on any other subject, visit WindowsSecrets.com/contact. You'll receive a gift certificate for a book, CD, or DVD of your choice if you send us a comment that we print.

Brian Livingston is editor of the Windows Secrets Newsletter and the coauthor of Windows 2000 Secrets, Windows Me Secrets, and eight other books.


 
 
FORWARDING INSTRUCTIONS

Please share this information with your friends
You're encouraged to refer your friends and colleagues to this free newsletter. Because most e-mail programs don't correctly display a formatted message that's been forwarded, simply call people's attention to the permanent Web address of this issue: WindowsSecrets.com/comp/060104.

 
 
ABOUT YOUR SUBSCRIPTION

The Windows Secrets Newsletter is published twice a month on alternating Thursdays. Issues appear 2 days and 16 days after Microsoft Patch Tuesday (the 2nd Tuesday of each month). Only the first issue of the month is published in August and December to allow vacation breaks. A short "news update" is sometimes published between regular newsletters.

Publisher: WindowsSecrets.com LLC, 300 Queen Anne Ave. N. #456, Seattle, WA 98109 USA. Vendors, please send no unsolicited packages to this address (readers' letters are fine).

Editor: Brian Livingston. Contributing Editors: Susan Bradley, Woody Leonhard, Chris Mosby, Ryan Russell. Research Director: Vickie Stevens. Program Director: Brent Scheffler.

Trademarks: Windows is a registered trademark of Microsoft Corporation. The Windows Secrets series of books is published by Wiley Publishing Inc. The Windows Secrets Newsletter, WindowsSecrets.com, WinFind, Windows Gizmos, Index of Reviews, Briefing Session, Windows Patch Watch, Perimeter Scan, Update Management, and Wacky Web Week are trademarks and service marks of WindowsSecrets.com LLC. All other marks are the trademarks or service marks of their respective owners.

How to subscribe: Anyone may subscribe to this newsletter by visiting WindowsSecrets.com/info.

Our Ironclad Privacy Guarantee: (1) We will never sell, rent, or give away your address to any outside party, ever; (2) We will never send you any unrequested e-mail, besides newsletter updates; and (3) All unsubscribe requests are always honored immediately, period. Privacy policy

HOW TO UNSUBSCRIBE: To unsubscribe from the Windows Secrets Newsletter,
Copyright © 2006 by WindowsSecrets.com LLC. All rights reserved.



