Security Update for Windows XP (KB912919)

[+Batfink Subscriber²]

(Y) Its Official, about time Microsoft Patched this.

Lets get the news out to all! :D

[StartMeUp]

Thanks!

[acedriver]

updating..

[Corris Veteran]

woot :laugh:

nice to know they got it out earlier than intended, but i wonder why.....

[madnuke]

Thank god for that! I know why they released it early..... :shifty:

[Dazog]

this is NOT the patch to solve the wmf problem.

I ran the utility and it says i am still open to attacks.

[Andrew Lyle Global Moderator]

this requires a restart.

[Lare2]

this is NOT the patch to solve the wmf problem.

I ran the utility and it says i am still open to attacks.

:blink: Wich utility ?

[gifa47]

thanks.. I installed the update, restarted, run the checker and my system is not vulnerable anymore :D

[macmax]

installed update ... restart .... check with utility ... Not vulnerable ... patch works :)

[Si Veteran]

Threads merged

[one321]

Awesome. Glad to see this update out earlier than expected.

[Banzai]

I hope all that argued about the with me about the importance of getting this patched quickly, will kindly eat humble pie now, yes admin might not like to update out of cycle but its allot easer than spending an hour repairing 300 of the 1000 machines.

[ipodman715]

It works fine on my 2 other comps.

If you have the temporary patch, you should uninstall it after you get the MS patch:

"You SHOULD REMOVE THIS PATCH to restore full functionality to Windows Metafile processing once Windows has been officially updated and repaired."

- http://www.grc.com/sn/notes-020.htm

[testman]

Yep, Microsoft have updated their advisory too.

[Mouldy Punk]

This is the patch for the WMF thing according to microsoft. Follow a few links around and you end up on this page which clearly describes the problem as "The Windows Graphical Device Interface library (GDI32.DLL) in Microsoft Windows allows remote attackers to execute arbitrary code via a Windows Metafile (WMF) format image with a crafted SETABORTPROC GDI Escape function call, related to the Windows Picture and Fax Viewer (SHIMGVW.DLL), a different vulnerability than CVE-2005-2123 and CVE-2005-2124, and as originally discovered in the wild on unionseek.com. "

[noroom]

Security update for WMF vulnerability

Published: January 5, 2006

Get the security update for the Windows Meta File (WMF) vulnerability from Microsoft Update. The bulletin title for this update is: Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution (912919).

To update your home computer, follow the steps on this page.

IT professionals and systems administrators should review the guidance on Microsoft TechNet.

Source: Microsoft.com

[Si Veteran]

Threads merged again

[_I am Reptar]

Got it via Windows Update, thanks!

[M/\TT]

Updated - Now rebooting *sigh*

[McGazza]

Thanks for the heads up on this one, for some reason i thought the WMF vunerability and the code one were two different ones lol. Just a dumb moment!

[gahbmwM5]

For those who would like some more info here is a link to a CastleCops HexBlog FAQ:

http://castlecops.com/p690060-Hexblog_WMF_FAQ.html

Also, there is a Forum section which is administered by a MS-MVP, but moderated by ilfak, the author of the non-official wmf hotfixes, and vunerability checker: Some interestings questions and scenarios to review:

http://castlecops.com/f212-Hexblog.html

One thread relates to installing the Official Microsoft Patch:

http://www.microsoft.com/technet/securi...6-001.mspx

and ilfak's vuneability checker...Here's the title of just one thread:

'checker doesnt detect official patch?'

"after installin the official microsoft patch and re-registering the DLL, i ran the wmf checker again, and it said that my system is vulnerable. is it because of the DLL? or something else? or does the result of the checker not matter anymore?

thanks."

Answer:

"Once the MS patch is applied, the wmf checker no longer applies"

._________________

Microsoft MVP

Windows-Security CastleCops:

[ShaneSparky_YYZ]

Is this a patch for the newly discussed WMF Vulnerability ???

And another question do we need to uninstall the original Un-official patch by SANS before applying this ? cos if this is not the real patch for the WMF i wont be un-installing the SANS one

Yup, uninstall it :)

[amrinders87]

Nice that Microsoft released it ahead of schedule.

[Slimy]

Ahead of schedule, well that was unexpected, but good stuff :D