Security Update for Windows XP (KB912919)

By Joe User 99
in Back Page News

 Share

Recommended Posts

Grand Master

Banzai

Posted
Posted

I hope all that argued about the with me about the importance of getting this patched quickly, will kindly eat humble pie now, yes admin might not like to update out of cycle but its allot easer than spending an hour repairing 300 of the 1000 machines.

Rising Star

ipodman715

Posted
Posted

It works fine on my 2 other comps.

If you have the temporary patch, you should uninstall it after you get the MS patch:

"You SHOULD REMOVE THIS PATCH to restore full functionality to Windows Metafile processing once Windows has been officially updated and repaired."

- http://www.grc.com/sn/notes-020.htm

Grand Master

Mouldy Punk

Posted
Posted

This is the patch for the WMF thing according to microsoft. Follow a few links around and you end up on this page which clearly describes the problem as "The Windows Graphical Device Interface library (GDI32.DLL) in Microsoft Windows allows remote attackers to execute arbitrary code via a Windows Metafile (WMF) format image with a crafted SETABORTPROC GDI Escape function call, related to the Windows Picture and Fax Viewer (SHIMGVW.DLL), a different vulnerability than CVE-2005-2123 and CVE-2005-2124, and as originally discovered in the wild on unionseek.com. "

Veteran

noroom

Posted
Posted

Security update for WMF vulnerability

Published: January 5, 2006

Get the security update for the Windows Meta File (WMF) vulnerability from Microsoft Update. The bulletin title for this update is: Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution (912919).

To update your home computer, follow the steps on this page.

IT professionals and systems administrators should review the guidance on Microsoft TechNet.

Source: Microsoft.com

Community Regular

gahbmwM5

Posted
Posted

For those who would like some more info here is a link to a CastleCops HexBlog FAQ:

http://castlecops.com/p690060-Hexblog_WMF_FAQ.html

Also, there is a Forum section which is administered by a MS-MVP, but moderated by ilfak, the author of the non-official wmf hotfixes, and vunerability checker: Some interestings questions and scenarios to review:

http://castlecops.com/f212-Hexblog.html

One thread relates to installing the Official Microsoft Patch:

http://www.microsoft.com/technet/securi...6-001.mspx

and ilfak's vuneability checker...Here's the title of just one thread:

'checker doesnt detect official patch?'

"after installin the official microsoft patch and re-registering the DLL, i ran the wmf checker again, and it said that my system is vulnerable. is it because of the DLL? or something else? or does the result of the checker not matter anymore?

thanks."

Answer:

"Once the MS patch is applied, the wmf checker no longer applies"

._________________

Microsoft MVP

Windows-Security CastleCops:

Grand Master

ShaneSparky_YYZ

Posted
Posted

Is this a patch for the newly discussed WMF Vulnerability ???

And another question do we need to uninstall the original Un-official patch by SANS before applying this ? cos if this is not the real patch for the WMF i wont be un-installing the SANS one

Yup, uninstall it :)

This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.