The Antivirus Guy Blog

Keeping people up to date with antivirus and security information

SANS – Internet Storm Center – WMF and Indexing

SANS – Internet Storm Center – Cooperative Cyber Threat Monitor And Alert System.

Handler’s Diary December 31st 2005

WMF and Indexing (NEW)

Published: 2005-12-31,
Last Updated: 2005-12-31 12:24:04 UTC by Patrick Nolan (Version: 1)

WMF Indexing, White Elephants and White Rabbits

The WMF White Elephant in the room as far as I’m concerned is Indexing. YMMV. How many Vendors have other Indexing services installed that are going to automagically enable WMF exploitation on or across your network?

F-Secure pointed out the White Elephant when they recommended you “disable indexing of media files (or get rid of Google Desktop) if you’re handling infected files under Windows” and said “This is enough to invoke the exploit and infect the machine. This all happens in realtime as Google Desktop contains a file system filter and will index new files in realtime.”. And I agree, turn all Indexing off until a fix is out.

Microsoft, Google and other vendors should immediately address what the role is of their indexing services, particularly as it relates to shares, synchronization and potential mitigation activities. Their lack of comment on this issue is glaring.

MS Indexing (White Rabbit Link)

F-Secure’s blog today has a new vulnerability workaround (unrelated to indexing).


December 31, 2005 - Posted by | Antivirus News, Security News

No comments yet.

Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: