Security Update for Windows XP (KB912919)

[Joe User 99]

WMF patch released early.

Security Update for Windows XP (KB912919)

Here's the other platforms also:

Security Update for Windows Server 2003 (KB912919)

Security Update for Windows 2000 (KB912919)

Security Update for Windows XP x64 Edition (KB912919)

Security Update for Windows Server 2003 64-bit Itanium Edition (KB912919)

The Security bulletin ( MS06-001 ) is now available and confirms this covers the WMF vulnerability.

Graphics Rendering Engine Vulnerability - CVE-2005-4560:

A remote code execution vulnerability exists in the Graphics Rendering Engine because of the way that it handles Windows Metafile (WMF) images. An attacker could exploit the vulnerability by constructing a specially crafted WMF image that could potentially allow remote code execution if a user visited a malicious Web site or opened a specially crafted attachment in e-mail. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

The KB article ( 912919 ) is still not available.

Edited January 5, 2006 by Joe User 99

[Dane2003]

Could be...Downloading anyway, good to stay patched.

[cybershark]

It's an update to KB896424 I think: http://www.microsoft.com/technet/security/...n/MS05-053.mspx

This is the advisory page for the wmf exploit

Microsoft Security Advisory (912840)

Edited January 5, 2006 by cybershark

[Elliot B.]

No idea what it is, but I've installed it anyway, can't hurt being more patched up.

[phantom76]

:) MS Site Ahead of plan

[raskren]

Check out Windows Update. It is there.

[phantom76]

Microsoft Security Page Bowing to public presure to move the fix up to ASAP MS is breaking with their patch release plans and is making the fix aviable on it's site at 2 PST

[cybershark]

It's on windows update now

[Quillz]

Just got it.

[John Veteran]

This should be in BPN.

[kennyout]

yeah it was released today on winupdate too like cybershark said...

amazed they got it out faster than they said (they said the 10th)

[Premgenius]

thanks

[MGS4-SS]

Another

for Windows. Downloading now.

[macmax]

Is this a patch for the newly discussed WMF Vulnerability ???

And another question do we need to uninstall the original Un-official patch by SANS before applying this ? cos if this is not the real patch for the WMF i wont be un-installing the SANS one

[[DGS]]

YES - YOU SHOULD UNISTALL THE UNOFFICIAL PATCH EVERYONE!

The creator said so in his agreement text!

[macmax]

Just download the wmf_checker_hexblog.exe to check if ur system is protected

http://www.hexblog.com/index.html

[macstorm]

' date='Jan 5 2006, 16:02' post='587021339']

YES - YOU SHOULD UNISTALL THE UNOFFICIAL PATCH EVERYONE!

The creator said so in his agreement text!

can't believe anyone installing unofficial patches :no:

[yisman]

It's downloading right now. Is it confirmed that it will cover the WMF problem?

[gertin]

Patching time soon I guess.

[Lare2]

Nice (Y)

[rvbfan]

https://www.neowin.net/forum/index.php?show...#entry587021390

[macmax]

lol dude !!! it comes from SANS which is a very reputed organisation if you know even a little about security

SANS? Institute - Computer Security Education and Information ...

http://isc.sans.org/

* Microsoft Patches Released (NEW)

Published: 2006-01-05,

Last Updated: 2006-01-05 21:11:22 UTC by Marcus Sachs (Version: 2(click to highlight changes))

Many of you already know this if you receive advance notification from Microsoft. For everybody else, see their announcement about an early release of the WMF patch. The patch and details about it are available here. If you have installed any of the earlier patches or workarounds, here is our recommendation for updating:

1. Reboot your system to clear any vulnerable files from memory

2. Download and apply the new patch

3. Reboot

4. Uninstall the unofficial patch, by using Add/Remove Programs on single systems. If you used msi to install the patch on multiple machines you can uninstall it with this:

msiexec.exe /X{E1CDC5B0-7AFB-11DA-8CD6-0800200C9A66} /qn

5. Re-register the .dll if you previously unregistered it (use the same command but without the "-u"):

regsvr32 %windir%\system32\shimgvw.dll

6. Reboot one more time just for good measure

I'd like to take this opportunity to thank all of our incident handlers for the endless hours of analysis over the past week. Also, many thanks to the hundreds of readers who sent in analysis and observations. Finally, thanks to the response team at Microsoft for issuing the patch today. We all appreciate the extra internal effort it took to do this out of cycle.

Marcus H. Sachs

Director, SANS Internet Storm Center

[macstorm]

now released https://www.neowin.net/forum/index.php?showtopic=416918

[+vlsi0n Subscriber¹]

Why isn't this on the front page? Oh well, glad they got it out early, should keep some bashers quieter for about a min ;)

[Lare2]

Why isn't this on the front page? Oh well, glad they got it out early, should keep some bashers quieter for about a min ;)

The frontpage of neowin is not a great source of "up to the minute" news source. It usually takes some time to appear on frontpage after has been on the forums.