Slashdot Mirror

← Back to Stories (view on slashdot.org)

Businesses Urged To Use Unofficial Windows Patch

Posted by Zonk on from the quick-quick dept.

frankie writes "ZDNet is reporting on the latest dire pronouncements about the WMF vulnerability. The problem is so serious that security experts are urging IT firms to use the unofficial patch. Microsoft's current goal is to release the update on Tuesday." From the ZDNet article: "This is a very unusual situation -- we've never done this before. We trust Ilfak, and we know his patch works. We've confirmed the binary does what the source code said it does. We've installed the patch on 500 F-Secure computers, and have recommended all of our customers do the same. The businesses who have installed the patch have said it's highly successful" It's big enough that even mainstream media is covering the flaw.

4 of 374 comments (clear)

  1. More details by anandpur · · Score: 5, Informative

    Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution

    http://www.securityfocus.com/bid/16074
    http://www.microsoft.com/technet/security/advisory /912840.mspx
    http://www.symantec.com/avcenter/venc/data/pf/pwst eal.bankash.g.html

  2. Re:block wmf by NinePenny · · Score: 5, Informative

    Its not just the extension that dictates that it's a WMF... Windows in its infinate wisdom also looks at the header bytes of the file and says "ohh! thats a WMF!" Execute! im in a damned hurry, hopfully I stated that correctly...ymmv

  3. The issue was actually a feature... by antdude · · Score: 5, Informative

    According to this F-Secure's Web log, it tells what is going wrong with the Windows Metafiles (WMF) vulnerability. It turns out this is not really a bug, it's just a bad design from another era. When Windows Metafiles were designed in late 1980s, a feature was included that allowed the image files to contain actual code. This code would be executed via a callback in special situations. This was not a bug; this was something which was needed at the time. The feature now in the limelight is known as the Escape() function and especially the SetAbortProc subfunction, and has been around since Windows 3.0, shipped in 1990...

    Seen on Digg. This Broadband Reports' security forum thread mentioned this as well.

    Copied and pasted from my AQFL Web site.

    --
    Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
  4. Download by reconn · · Score: 5, Informative

    If you want the patch itself, try here:
    http://isc.sans.org/diary.php?storyid=1010

    Second time this story came up with no links to the patch.

    --
    Everything that was once directly lived has receded into a representation. -debord