Microsoft aim to release .wmf patch on Jan 10th

That's it - Microsoft aim to release their patch for the .wmf exploit on January 10th.


http://isc.sans.org/diary.php?storyid=1009


http://www.microsoft.com/technet/security/advisory/912840.mspx

 

I already found a great patch on grc.com. Gibson found 1.

 

Yes, good info there as well.
It's the Patch that Ilfak put up at his HexBlog site which is down at the moment due to heavy traffic but Steve Gibson has kindly hosted.

So anyone wanting that patch get it from Steve's GRC Site here: http://www.grc.com/sn/notes-020.htm and install. In the same section, you will see a test file also from the same author [Ilfak] and if installed correctly and working you should see the following message as in pic.

Cheers, TAS

 

Agreed - the unofficial patch has been very well received & more than timely. I would still expect most people will want to uninstall it and then install the official one as soon as it comes out.

Simply because any future updates from Microsoft will aim to be compatible with their official patch, not necessarily Ilfak Guilfanov's.

Also I guess there will be those who are getting by with sandboxes,filters,vm's ....... or just crossed fingers, who have chosen not to rely on 3rd party installs & have instead been waiting for the Ms announcement.

That said, it will be interesting to find out how similar the Microsoft patch is to the one by Ilfak.

 

Does anyone know if the latest version of SandboxIE would be protect you against the WMF exploit if you browse with SandboxIE? Thanx.

 

just by using firefox is enough i guess since firefox asks you to run or install a program before it opens it unlike ie

 

they released it today!

 

Yes they did. thanks for posting in here, was about to do so and saw your post.
http://www.microsoft.com/technet/security/Bulletin/ms06-Jan.mspx


Direct download. http://www.microsoft.com/downloads/details.aspx?familyid=0C1B4C96-57AE-499E-B89B-215B7BB4D8E9&displaylang=en

you can also update thru MSWU.

I have dl'd, about to install.. shall let you know how it goes [if I recover, lol]

TAS

 

OK, downloaded it, installed it, uninstalled the .wmf patch 1.4 from Ilfak, rebooted, and all seems to be working fine.

Browsers, email clients, all security apps, etc.

TAS

 

Ditto, same here. Everything working

 

I installed the Microsoft officially released patch this evening that was made available via the sys tray icon for Windows Auto Updates, but did not "uninstall the .wmf patch 1.4 from Ilfak". Is this particular step in the "unofficial release"? Or is this a "required" procedure (through the official release from Microsoft)? And if it is, why didn't the Windows update alert make any mention of this (I just installed the patch, it said reboot was needed, so I did)?

EDIT: Never mind, found out what the ".wmf patch 1.4 from Ilfak" referred to was thanks to Ilfak's post himself over at CastleCops....