Slashdot Mirror

← Back to Stories (view on slashdot.org)

Interview with Ilfak Guilfanov (WMF Patch Hero)

Posted by Zonk on from the small-acts-lead-to-big-things dept.

GrayWolf42 writes "SecuriTeam Blogs has posted an interview with Ilfak Guilfanov, one of the people developing the IDA Pro disassembler, who also happens to have written the unofficial WMF vulnerability patch. In this short interview he discusses the patch, how it works, and why he wrote it." From the article: "Q: When you heard of this vulnerability, you created a temporary patch to close the hole until Microsoft updated its software. Could you tell us more about what the patch does? A: The patch just removes this powerful command. It does not do anything else. The fix modifies the memory image of the system on the fly. It does not alter any files on the disk. It modifies [the image of] the system DLL 'gdi32.dll' because the vulnerable code is there." Microsoft has released an official update, which you should be able to download from the windows update site.

5 of 167 comments (clear)

  1. Slashdot Windows logo by Randall311 · · Score: 1, Troll

    I love how the Slashdot Windows logo is a broken window, but all of the other OSes on this site have prefectly legit logos representing their topics. Must be a shout-out to all the Windows haters out there... Could we get a legit logo for Windows topics here? Something like this?

  2. Weird error by Anonymous Coward · · Score: 0, Troll

    Weird, here what I got when clicking the windows update link :)

    Thank you for your interest in obtaining updates from our site.

    To use this site, you must be running Microsoft Internet Explorer 5 or later.

    To upgrade to the latest version of the browser, go to the Internet Explorer Downloads website.

  3. Re:Russians RULE by halivar · · Score: 0, Troll

    Russians all da way bro. Best hackers in a world are russian hackers.

    Thanks, comrade. And also thank you for the extra bandwidth and hard-drive space. Your zombified box is helping us spread our spam to the proletariate.

  4. Re:You're missing the point, though by 99BottlesOfBeerInMyF · · Score: 0, Troll

    Similiarly, for all we know they could have had this reported to them on the 27th.

    Thank you captain obvious!

    Here's a helpful tip for the future. If someone challenges an assertion by claiming that there is not sufficient information to draw that conclusion, a response of "but it could be true so stop speculating" is worse than useless. Adding an ad hominem attack does nothing to bolster your argument. Please develop some critical thinking skills and develop a useful opinion, or just be quiet.

  5. OMG!! Windows Patch F#@ked up Slashdot in IE by Dubliner+Macmanus · · Score: 0, Troll

    I just updated Windows with the new patch and !!Whammo!! all the /. posts are black where all I can read is the subject and links. Anyone else have this problem? Works fine in Firefox and Opera though...so I could really care less. Just curious if anyone else is having the same issue. -------- I just /.ted your Mom.