Procrastination, delivered!

All about waiting for the apple to fall. Add yours – reach.singhsong@gmail.com

Microsoft WMF Vulnerability – Patch Conundrum

Posted by hs on January 5, 2006

There has been a slew of patches for the WMF Vulnerability. In addition to the unofficial patch by Ilfak Guilfanov, an as-yet-unfinished Microsoft patch was inadvertently released online.

The vulnerability is very critical in the sense that the user does not need to do anything except view the image, whether in an email or via a browser. Microsoft refused to depart from its monthly patch-release schedule to release an express patch. This gives a cosy 10-day window for the vulnerability to wreak havoc worldwide.

Meanwhile, Ilfak rose to the occasion and posted an unofficial patch on this website. His site was down earlier due to humongous load (‘half the planet is downloading WMFFIX_HEXBLOG14.exe’), but is back now. The patch has also been mirrored by a number of sites, including GRC.com, Sunbelt Software and Antisource. F-Secure and Internet Storm Center (SANS) recommended that customers use Ilfak’s patches while Microsoft puts its patch together.

Update: Microsoft has released a patch – it is being automatically applied to machines (Win XP SP2 at least) with Automatic Updates enabled.

Keywords: WMF, Vulnerability, Microsoft, Ilfak Guilfanov, Patch, WMFFIX_HEXBLOG, WMFFIX_HEXBLOG14, GRC.com, Window, Patch Schedule, F-Secure, Internet Storm Center, SANS, FAQ, Securiteam, Advisory


One Response to “Microsoft WMF Vulnerability – Patch Conundrum”

  1. techwoo said

    Microsoft WMF Vulnerability – Patch Conundrum. Thanks for nice post. I added to my twitter.
