WMF temporary (unofficial) patch

Discussion in 'Windows 64bit' started by Jud Hendrix, Jan 1, 2006.

  1. Jud Hendrix Guest

    Jud Hendrix, Jan 1, 2006
    #1

  2. Thanks, great. Just installed it. Is there a way to know if it is working?


    Tony. . .
     
    Tony Sperling, Jan 1, 2006
    #2

  3. Jud Hendrix Guest

    Open an infected WMF ;-) Just kidding of course, but it's probably the only
    way to test it. I think it's best to keep an eye on Ilfak Guilfanov's blog,
    as people are testing it. I am not going to try opening an infected WMF, as
    the best and safest repair is a full re-install of Windows :(

    jud
     
    Jud Hendrix, Jan 1, 2006
    #3
  4. No offence, Jud, but I would MUCH rather folks got any unofficial patch from
    someplace I recognize. In this case:
    http://isc.sans.org/diary.php?storyid=994

    The Internet Security Center (ISC) FAQ on the vulnerability including a link
    to their patch.
     
    Charlie Russel - MVP, Jan 1, 2006
    #4
  5. Dennis Pack Guest

    Charlie:

    Thank you for that link, it's very informative. One thing also
    listed was un-registering a DLL file along with installing the patch. I've
    never un-registered a file and I'm not sure how to proceed. Thank you for
    your time.
     
    Dennis Pack, Jan 1, 2006
    #5
  6. Sam Crawford Guest

    Charlie,

    Is this supposed to work on x64 as well? I didn't see anything about x64 at
    this link.

    Also, has anyone applied the patch and did it screw anything up?
     
    Sam Crawford, Jan 1, 2006
    #6
  7. James Park Guest

    "Some CPUs, like AMD's 64 Bit CPUs, will provide full DEP protection and
    will prevent the exploit."

    Does that mean we're already covered?
     
    James Park, Jan 1, 2006
    #7
  8. Charlie Russel - MVP, Jan 1, 2006
    #8
  9. Charlie Russel - MVP, Jan 1, 2006
    #9
  10. I believe it should, but I also think that simply unregistering the DLL and
    waiting for the official MS patch is probably sufficient.
     
    Charlie Russel - MVP, Jan 1, 2006
    #10
  11. Jud Hendrix Guest

    Not offended Charlie. I got this patch via the F-Secure weblog. I assume I
    can trust F-Secure in verifying its safety :) The page where the patch is
    mentioned is http://www.f-secure.com/weblog/ (Under "Saturday, December 31,
    2005"). The patch you refer to is exactly the same patch by the way.

    jud
     
    Jud Hendrix, Jan 1, 2006
    #11
  12. Yes, I generally trust F-Secure. But I'd rather point people to something
    where they can see where they're going. These days...

    I have some other, independent, indications that it's safe as well. But for
    x64, I think we're probably fine with the hardware DEP and unregistering the
    DLL. At least until we have an official patch.
     
    Charlie Russel - MVP, Jan 1, 2006
    #12
  13. Dennis Pack Guest

    Charlie:

    Thank you for the prompt reply. Sorry for the delayed response.
    Also the "Windows Live Safety Center" looks like a viable test for existing
    security systems in place. Thank you again and Happy New Year to all.
     
    Dennis Pack, Jan 1, 2006
    #13
  14. No offence either - but you might like to check the source of the SANS
    patch...
     
    Pierre Vandevenne, Jan 1, 2006
    #14
  15. Jud Hendrix Guest

    Absolutely right on that :)
    The patch included the sources for everyone to check.
    OK. Well I have DEP + patch and reregistered the DLL. I just hate that I
    can't see preview icons on my system. My extra safety for now, is to only
    go to websites I can trust to be safe, and blocking all
    advertisements-servers via the hosts-file (the yoyo.org list), up till the
    patch.
    Rumour said it would take until the 9th of January for the patch to arrive,
    but I hope the good people at MS will be quicker.

    jud
     
    Jud Hendrix, Jan 2, 2006
    #15
  16. Sam Crawford Guest

    Probably a dumb question but are we safe(r) if we use IE 64bit?
     
    Sam Crawford, Jan 2, 2006
    #16
  17. Jud Hendrix Guest

    According to http://www.microsoft.com/technet/security/advisory/912840.mspx
    we are not:

    "Related Software:
    Microsoft Windows 2000 Service Pack 4
    Microsoft Windows XP Service Pack 1
    Microsoft Windows XP Service Pack 2
    Microsoft Windows XP Professional x64 Edition
    Microsoft Windows Server 2003
    Microsoft Windows Server 2003 for Itanium-based Systems
    Microsoft Windows Server 2003 Service Pack 1
    Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
    Microsoft Windows Server 2003 x64 Edition
    Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and
    Microsoft Windows Millennium Edition (ME)"

    The F-secure weblog says it might even be worse than that, and that all
    Windows-versions could be affected:
    http://www.f-secure.com/weblog/archives/archive-012006.html#00000761

    jud
     
    Jud Hendrix, Jan 2, 2006
    #17
  18. I would say no. At the least, unregister both DLLs (see my post above)
     
    Charlie Russel - MVP, Jan 2, 2006
    #18
