Microsoft Release WMF Vulnerability Patch
Posted by Rustee on 05 January 2006 - 22:39 · 44 comments & 12043 views
About the Author
Full name: Unknown
Forum name:
Rustee
Contact: via forum PM
Submissions: Normal · Headline
Full name: Unknown
Forum name:
RusteeContact: via forum PM
Submissions: Normal · Headline
Slashdot It!
Submit to reddit
Submit to blinklist
Bookmark on del.icio.us
Add to furl
Share on Facebook
Add to Windows Live
Add to Google- Advertisement
-
-
(1 reply)
#1 Posted by CDog on 05 Jan 2006 - 22:42
- Cool
-
(4 replies)
#2 Posted by noroom on 05 Jan 2006 - 22:48
- oh, was "Frank" also the one who deleted MY POST in the back page news before this was posted?
-
#2.1 Posted by Howard on 05 Jan 2006 - 22:58
- :conspiracytheorist:
Looks like that smiley's not working either
-
#2.3 Posted by Frank on 05 Jan 2006 - 23:26
- Let me tell you I LIVE to hide people's posts in BPN to steal the credit.
-
(1 reply)
#3 Posted by leebobs on 05 Jan 2006 - 22:51
- Non-Critical for ME & 98 :/ I doubt that very much... but then again... the whole 9x line was junk and XP is a critical patch for all those systems.
-
(3 replies)
#4 Posted by eSauce on 05 Jan 2006 - 22:57
- Don't take it personal noroom, it's Neowin!
-
#4.1 Posted by noroom on 05 Jan 2006 - 23:12
- I'm just asking for a little credit, instead of having all the evidence that I posted it removed and someone else getting credit. Someone, who happens to have the ability to remove evidence
-
#4.2 Posted by Howard on 05 Jan 2006 - 23:27
- Since you seem to be sure that your post was deleted, I did a little homework. It wasn't a complicated assignment, all I needed was the "Find Posts by Member" button. Within a couple of seconds of searching, I stumbled across the post you think was removed.
Here it is, your thread was merged by Simon because it was older than the previous one. If you put your toys back in the pram quickly, maybe nobody will notice. -
#4.3 Posted by noroom on 05 Jan 2006 - 23:52
- Oh, lol... Uh... sorry about that
Well, it would be nice if you notified members of the mod actions. I posted it, bookmarked my topic and when I rebooted and loaded up the bookmark, neowin said my topic was gone =/
I think there's and addon for IPB that sends an automated PM to a member if their posts are altered in any way. Would be a nice addition to the forum!
-
(1 reply)
#5 Posted by icecaveman on 05 Jan 2006 - 23:02
- Now how do I enable thumbnail perviews again? Since I disabled them to avoid this vulnerability
-
(1 reply)
#6 Posted by Drestin on 05 Jan 2006 - 23:03
- leebobs... why do you "doubt that very much"? Do you know something they don't? Do you have a clue? Would you like to buy one? It's practically a non-issue on W98 and WinME machines - and then again, those are obsolete and out of date and out of support OSes anyway. Why would they get updates for free still anyway? Consider it a kind gesture on MSs part to issue an update for these 8 year old OSes.
No satisfying some folks...
-
#7 Posted by Hurmoth on 05 Jan 2006 - 23:29
Wonder how much this breaks?
Oh well, here goes nothing. 
-
#8 Posted by Stunna on 05 Jan 2006 - 23:48
- how do you know if you had the virus or not?
-
#9 Posted by 905punk on 05 Jan 2006 - 23:52
- Wasnt this patched in redhat like two years ago
-
(2 replies)
#10 Posted by frogworm on 06 Jan 2006 - 00:12
- was anyone actually afraid that if MS didn't rush a patch out the door they would get infected(place whatever other exploit/virus word here you want)?
with an antivirus, a router, a firewall, and a brain you could avoid getting screwed by bad computer stuff. this was way over-publicized. they even talked about it for a day or two on CNN. -
#10.1 Posted by Frank on 06 Jan 2006 - 00:54
- Me? No I was not worried about getting infected one bit. My mom or my users at work? Yes, I was worried.
There are quite a few users out there who have no idea about this stuff or how it affects them. This will be a problem for many months even now that they patched it. Even if you have an updated anti-virus program doesn't mean your protected. -
#10.2 Posted by BuzZBladE on 06 Jan 2006 - 04:33
- well put frank. personally i disable active scanning with avast antivirus and have my download programs set to automatically scan new files when they come in. however i do run a full scan quarterly. even on dialup i still download 6GB for 10$ a month. and i havnt had a virus since the blaster DCOM exploit, that time i forgot to update windows for 3 months o_O so i deserved it. my mom on the other hand, i had to remove 30 viruses from her pc in 2 years. then i went to see my aunt on labor day, she had even more and spyware from 40 companies (not cookies!
from accepting all activeX components. anyway, no amount of active scanning can stop if its a brand new file, i know a guy that already has a trojan out for this exploit, and no i dont have it or want it so no you cant have it dont ask.
-
#11 Posted by TheBlazingAngel on 06 Jan 2006 - 00:42
- EMERGENCY AUTOPATCHER MODULES AVAILABLE !!!
Link: Click here
( will redirect you to forum thread, urls are messed up with this editor for some reason! )
-
#12 Posted by Vquattro on 06 Jan 2006 - 01:04
- Unofficial WMF Patch compatiable with Windows 98 & ME
http://www.nod32.ch/en/download/tools.php
-
(2 replies)
#13 Posted by Stunna on 06 Jan 2006 - 01:22
- Does anyone know how to detect if your computers been infected?
-
#13.1 Posted by groingo2 on 06 Jan 2006 - 01:54
- Personally I weigh my computer every morning before statrting, if it weighs more than the day before, then there is a virus, if not, then nothing...but then again there is my friendly witch doctor that I consult every now and then...what was the question?
-
(1 reply)
#14 Posted by marlow714 on 06 Jan 2006 - 02:23
- Installing unoffical anything is not a good idea.
-
#14.1 Posted by mrbester on 06 Jan 2006 - 16:20
- It's academic now as the official one is out, but the 2 unofficial ones (one from Eset, the other from hexblog) worked fine and were trumpeted as having been tested on hundreds of systems. That was good enough for me.
FWIW, Shavlik said to install the MS patch BEFORE removing an unofficial, which seems logical and avoids possible infection before you get around to installing the official patch...
-
#15 Posted by macstorm on 06 Jan 2006 - 03:31
- sorry hackers :p this weekend you can go outside
-
#16 Posted by b0m8er on 06 Jan 2006 - 05:56
- Nice to see this patched Thanks MS!
-
#17 Posted by ambiance on 06 Jan 2006 - 05:58
- Nice!
-
#18 Posted by bush on 06 Jan 2006 - 08:05
- sweet. already upgraded, thanks microsoft.
-
#19 Posted by Laser_iCE on 06 Jan 2006 - 08:08
- Just a quick question ... I've been keeping up with this story and all ... But;
Despite previous indications that the Windows Meta File (WMF) security exploit patch will be released on January 10th, Microsoft have released an update via MS Update to fix the WMF issue.
The whole "Despite previous indications", does that mean that it was not officially said by Microsoft that they would be releasing the patch on the 10th? I might have skimmed over it in previous news posts, so sorry if they did ... Just a thought, that's all ;x
-
#20 Posted by markjensen on 06 Jan 2006 - 12:12
- Glad to see Microsoft released this as soon as it was available, instead of waiting for "Patch Tuesday"!
-
(2 replies)
#21 Posted by Daeron Tinúviel on 06 Jan 2006 - 14:18
- can anyoe help? i can get thumbnail display back again, and yes i register the .dll
-
(1 reply)
#22 Posted by tonyjr on 07 Jan 2006 - 02:56
- Bring on the Mac!
The update, brought to our attention by our forums moderator, Frank, weighs in at 196KB and is dated today (5th January 2006). It is rated critical for Windows XP, Windows 2000 and Windows Server 2003. For users of Windows 98 and Me, the exploit is rated non critical and therefore won't be patched. The following extract is from the Technet Bulletin:
Does this update contain any security-related changes to functionality?
Yes. The change introduced to address this vulnerability removes the support for the SETABORTPROC record type from the META_ESCAPE record in a WMF image. This update does not remove support for ABORTPROC functions registered by application SetAbortProc() API calls.
If you installed the patch we recommend earlier in the week, we advise you to remove that first before installing Microsoft's update. For more details on the fix, see below for the full security bulletin