Wait for Windows patch opens attack window

Discussion in 'Computer Support' started by Jim, Jan 4, 2006.

  1. Jim

    Jim Guest

    Read all about it at CNN...
    http://news.com.com/Wait+for+Window...window/2100-1002_3-6016747.html?tag=nefd.lede

    Download the unofficial patch at

    http://castlecops.com/a6436-Newest_WMF_Exploit_Patch_Saves_the_Day.html
    (http://castlecops.com/t143213-Hexblog_WMF_FAQ.html)

    http://handlers.sans.org/tliston/wmffix_hexblog14.exe
    (this is a direct link to the executable - there's nothing on his index
    page)

    http://sunbeltblog.blogspot.com/2006/01/alternate-download-for-unofficial.html

    The original webpage has evidentally been overwhelmed with all of the
    traffic requesting the patch.

    Jim
     
    Jim, Jan 4, 2006
    #1
    1. Advertisements

  2. Jim

    relic Guest

    relic, Jan 4, 2006
    #2
    1. Advertisements

  3. It's just another Winhole and just another slow response by MS, but it's
    interesting that at least one security outfit is urging use of that third
    party patch -- that's seems to be a first. Choice -- what Microsoft
    doesn't want you to have.
     
    Blinky the Shark, Jan 4, 2006
    #3
  4. Jim

    Jim Guest

    I'm outta here.

    I have shown you what I know about the patch and protecting yourselves. I
    have projects to get out and must concentrate on them at this time.

    Ultimately (in PCs as in life), your seurity is in your hands. Do your
    research. Listen to whom you trust.

    I wish you all the very best in this new year.

    Have fun and be safe.

    Jim
     
    Jim, Jan 4, 2006
    #4
  5. Jim

    Barry OGrady Guest

    How do we know the patch is not really the virus?
    Barry
    =====
    Home page
    http://members.iinet.net.au/~barry.og
     
    Barry OGrady, Jan 4, 2006
    #5
  6. Jim

    Mara Guest

    When these guys say it's the thing to do:

    http://isc.sans.org/

    Then I do it. Patched every machine we have at work yesterday.

    "Including TardoGirl's. That's always fun."
     
    Mara, Jan 4, 2006
    #6
  7. Jim

    relic Guest

    Great!

    Door, Arse ------------->
     
    relic, Jan 4, 2006
    #7
  8. Jim

    olfart Guest

    ouch....darn glass doorknobs !
     
    olfart, Jan 4, 2006
    #8
  9. You go. In another thread (I believe in another group), someone asked who
    in their right mind would install a patch from a non-MS source. Clearly,
    in this case, anyone who didn't have their head up Mr. Gate's ass too far
    to see the Real World outside, and wanted relative (that's all one can
    expect in Winworld) security.
     
    Blinky the Shark, Jan 4, 2006
    #9
  10. Jim

    Mara Guest

    Yes. There is also this - some of M$'s patches don't work out too well. Even
    when they come out with the one for this, I'm not sure I'd trust it without
    extensive testing by non-M$ personnel.

    "Certainly not in a production environment where security comes first."
     
    Mara, Jan 5, 2006
    #10
  11. Jim

    Lookout Guest

    Does this only hit IF you are using the MS viewer for WMF files?
     
    Lookout, Jan 5, 2006
    #11
  12. Jim

    Agnes L Guest


    From what l understand, the Sars org. offering the patch is a reputable
    company. The Toronto Star also mentioned them in their article re:
    MS Security flaw. You can read about it here:
    http://www.thestar.com/NASApp/cs/Co...le&cid=1136328631307&call_pageid=970599119419

    I downloaded the temporary patch a couple of hours ago from the
    following site:
    http://blogs.zdnet.com/Ou/index.php?p=144&tag=nl.e550



    Aggie.
     
    Agnes L, Jan 5, 2006
    #12
  13. Jim

    Todd H. Guest

    No. It's far worse than that. The trouble is that Windows looks at
    the file header and not the file extension when it decides whether to
    execute infected wmf files. THe vulnerable bit is a DLL file routine
    that can be called by any program, not any one problem.

    This is probably one of the 3 worst vulnerabilities we've seen in
    windows in the past few years.
     
    Todd H., Jan 5, 2006
    #13
  14. Jim

    Lookout Guest

    Thanks. I've already patched but I just wanted to make sure I was
    reading it right.
     
    Lookout, Jan 5, 2006
    #14
  15. Jim

    Todd H. Guest

    Todd H., Jan 5, 2006
    #15
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.