Microsoft aim to release .wmf patch on Jan 10th

Discussion in 'other security issues & news' started by eyes-open, Jan 3, 2006.

Thread Status:
Not open for further replies.
  1. eyes-open

    eyes-open Registered Member

    Joined:
    May 13, 2005
    Posts:
    721
  2. zapjb

    zapjb Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    3,526
    Location:
    USA - Back in a real State in time for a real Pres
    I already found a great patch on grc.com. Gibson found 1.:thumb:
     
  3. Tassie_Devils

    Tassie_Devils Global Moderator

    Joined:
    May 8, 2002
    Posts:
    2,514
    Location:
    State Queensland, Australia
    Yes, good info there as well.
    It's the Patch that Ilfak put up at his HexBlog site which is down at the moment due to heavy traffic but Steve Gibson has kindly hosted.

    So anyone wanting that patch get it from Steve's GRC Site here: http://www.grc.com/sn/notes-020.htm and install. In the same section, you will see a test file also from the same author [Ilfak] and if installed correctly and working you should see the following message as in pic.

    Cheers, TAS
     

    Attached Files:

    • 088.GIF
      088.GIF
      File size:
      6.8 KB
      Views:
      15
  4. eyes-open

    eyes-open Registered Member

    Joined:
    May 13, 2005
    Posts:
    721
    Agreed - the unofficial patch has been very well received & more than timely. I would still expect most people will want to uninstall it and then install the official one as soon as it comes out.

    Simply because any future updates from Microsoft will aim to be compatible with their official patch, not necessarily Ilfak Guilfanov's.

    Also I guess there will be those who are getting by with sandboxes,filters,vm's ....... or just crossed fingers, who have chosen not to rely on 3rd party installs & have instead been waiting for the Ms announcement.

    That said, it will be interesting to find out how similar the Microsoft patch is to the one by Ilfak.
     
  5. stateful54

    stateful54 Guest

    Does anyone know if the latest version of SandboxIE would be protect you against the WMF exploit if you browse with SandboxIE? Thanx.
     
  6. metallicakid15

    metallicakid15 Registered Member

    Joined:
    Dec 6, 2005
    Posts:
    454
    just by using firefox is enough i guess since firefox asks you to run or install a program before it opens it unlike ie
     
  7. metallicakid15

    metallicakid15 Registered Member

    Joined:
    Dec 6, 2005
    Posts:
    454
    they released it today!
     
  8. Tassie_Devils

    Tassie_Devils Global Moderator

    Joined:
    May 8, 2002
    Posts:
    2,514
    Location:
    State Queensland, Australia
  9. Tassie_Devils

    Tassie_Devils Global Moderator

    Joined:
    May 8, 2002
    Posts:
    2,514
    Location:
    State Queensland, Australia
    OK, downloaded it, installed it, uninstalled the .wmf patch 1.4 from Ilfak, rebooted, and all seems to be working fine.

    Browsers, email clients, all security apps, etc.

    TAS
     
  10. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    Ditto, same here. Everything working;)
     
  11. JRCATES

    JRCATES Registered Member

    Joined:
    Apr 7, 2005
    Posts:
    1,203
    Location:
    USA
    I installed the Microsoft officially released patch this evening that was made available via the sys tray icon for Windows Auto Updates, but did not "uninstall the .wmf patch 1.4 from Ilfak". Is this particular step in the "unofficial release"? Or is this a "required" procedure (through the official release from Microsoft)? And if it is, why didn't the Windows update alert make any mention of this (I just installed the patch, it said reboot was needed, so I did)?

    EDIT: Never mind, found out what the ".wmf patch 1.4 from Ilfak" referred to was thanks to Ilfak's post himself over at CastleCops....
     
    Last edited: Jan 6, 2006
Loading...
Thread Status:
Not open for further replies.