
SANS ISC InfoSec Handlers Diary Blog



Oxy-morons

Published: 2006-01-03
Last Updated: 2006-01-03 18:17:57 UTC
by Tom Liston (Version: 1)
"Although the issue is serious and malicious attacks are being attempted, Microsoft's intelligence sources indicate that the scope of the attacks are not widespread."
- Microsoft Security Advisory (912840)

"...Microsoft's intelligence sources..."?!?

Go ahead and laugh.  I'll wait.

Through?  O.K.

While all of the rest of us were sleeping, it appears that the propeller-heads working on Billy Wonka's Official Microsoft Research and Development Team have been hard at work creating a crystal ball capable of foretelling the future.  The only problem: it appears that they made it from rose-colored crystal.

In their rosy vision of the future, over the next seven days, nothing bad is going to happen.  The fact that there are point-n-click toolz to build malicious WMFs chock full o' whatever badness the kiddiez can cook up doesn't exist in that future.  The merry, lil' Redmond Oompa Loompas are chanting "Our patch isn't ready / you have to wait / so keep antivirus / up-to-date" which makes perfectly accurate, current AV signatures appear on every Windows computer - even those with no antivirus software.

The future, according to Microsoft, is a wonderful, safe, chocolaty place.

And why not?  Everything just seems to work out for them!

Imagine!  You have tons and tons of work to do!  Even now, the Oompa Loompas are hard at work out in Redmond, simultaneously regression-testing and translating Microsoft's WMF patch into Swahili and Urdu.  And, somehow, as if by magic, all of this work will wind down at precisely the right moment so that the WMF patch doesn't have to be released "out of cycle."  How convenient!  Especially if you're wanting to avoid all of that nasty "Microsoft Releases Emergency Patch" publicity.

And remember, if something bad does happen to you during the next seven days, Billy Wonka and his Magic Metafiles aren't to blame.  You are!

"Customers who follow safe browsing best practices are not likely to be compromised by any exploitation of the WMF vulnerability. Users should take care not to visit unfamiliar or un-trusted Web sites that could potentially host the malicious code."

Why are you visiting places on the web you've never been before?  Restrict your browsing to safe places, and everything will be just fine.  'Cause no one could ever put a bad graphic file on a place you trust.

------------------------------------------------------------------------
Tom Liston - Intelguardians Network Intelligence, L.L.C.
