Security Experts Advise Corporations To Apply Unofficial Microsoft Patch

DETROIT – Experts are advising corporations to use an unofficial patch to combat the latest Microsoft Windows Meta File exploit, which can open the door to malicious spam to MSN Messenger worms.

Antivirus vendor F-Secure and the Internet Storm Center, a volunteer security group, separately urged businesses on Tuesday to use the unofficial patch, as Microsoft has not yet offered an authorized fix for the problem, CNET.Com reported.

Microsoft, though, has advised businesses not to use third-party updates, even though its own patch won’t be available until next Tuesday.

The WMF vulnerability can be exploited in Windows XP with Service Pack 1 and 2, as well as Windows Server 2003, security experts said.

Mikko Hypponen, director of antivirus research at F-Secure, said he believes corporations can trust the unofficial patch, which was created by security software developer Ilfak Guilfanov.

The Internet Storm Center admitted that many businesses would be very reluctant to deploy an unofficial patch on their systems, but insisted that such action is needed.

“We’ve received many e-mails from people saying that no one in a corporate environment will find using an unofficial patch acceptable,” Tom Liston of the Internet Storm Center said in his blog. “Acceptable or not, folks, you have to trust someone in this situation.”

Systems administrators can also work around the problem by un-registering a file called “shimgvw.dll”.

A Microsoft spokeswomen advised businesses to wait for a week, as the software giant can’t guarantee third-party updates will be effective.

Security experts say the WMF exploit is potentially dangerous because conventional antivirus software and IDS (Intrusion Detection System) signatures do not recognize the malicious code in spam, as the exploit is sent in seemingly normal JPEG, GIF, or bitmap files.

Hackers are increasingly using a wider variety of techniques to penetrate corporate defenses with attacks launched through different methods including spam, IM worms, and defaced and fake Web sites. Computer users need only visit a compromised or fake Web site to be attacked.