Survey: WMF Vulnerability - Unofficial Patch

Discussion in 'Virus & Other Malware Removal' started by BanditFlyer, Jan 4, 2006.

Have you installed the _Unofficial_ WMF Vulnerability patch

  1. Yes

    41.7%
  2. No

    58.3%
Thread Status:
Not open for further replies.
  1. BanditFlyer

    BanditFlyer Thread Starter

    Joined:
    Oct 25, 2005
    Messages:
    12,552
  2. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,223
    First Name:
    Derek
    Normally I would NEVER advise unofficial patches BUT this one is the exception and I strongly recommend NOT waiting for M$ on this one as the risk is just too high

    As far as we can tell no problems should arise from installing the patch (the only very slight possibility is that some printers MIGHT not print certain types of images correctly)

    Provided you uninstall this patch before installing the M$ one when it comes out you should be OK
     
  3. khazars

    khazars

    Joined:
    Feb 15, 2004
    Messages:
    12,302
    I tried it and it screwed up my Mozilla browser and Opera browser so I had to uninstall it to reinstall the browsers, I then unregistered the dll until MS official patch arrives!
     
  4. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,223
    First Name:
    Derek

    never seen that before

    works for FF for me & countless others and I know many Opera users who have installed it with no probs

    what OS are you using

    might be an idea to post on the CC board about it

    CC have set up a special board to deal with comments and bugs

    http://castlecops.com/f212-Hexblog.html
     
  5. khazars

    khazars

    Joined:
    Feb 15, 2004
    Messages:
    12,302
    Derek, false alarm, I installed it again and everything is ok! I guess it was Proxomitron playing up again!
     
  6. TOGG

    TOGG

    Joined:
    Apr 2, 2002
    Messages:
    5,863
    I d/l it but then had doubts if it would work with 98.

    Eset (NOD) are offering a patch (not sure if it's a variant of the Guilfanov one) but I don't think I'll use that either.

    NOD apparently catches the 73 known WMF variants (so far); http://www.eset.com/about/press.htm#media (to be fair, I think Avast, Norton, McAfee and several others performed as well, but not AVG).
     
  7. BanditFlyer

    BanditFlyer Thread Starter

    Joined:
    Oct 25, 2005
    Messages:
    12,552
    I tried searching the Symantec website for "WMF" but all the links the search brought up were from before Dec 27, so I assumed that Symantec, which owns Norton, hadn't done anything about it yet.

    Where did you get your info? I found out about the vulnerability from the updatexp newsletter, but it looks like I'm missing out on a lot of good info (thank goodness for TSG!!).
     
  8. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,223
    First Name:
    Derek

    Apparently 98 isn't so easily affected as it uses a different version of the gdi32.dll that is at the root of the problem and also doesn't have picture & fax viewer built in but it is still at risk from what I can find out

    The patches are NOT designed for 98/ME
     
  9. TOGG

    TOGG

    Joined:
    Apr 2, 2002
    Messages:
    5,863
    I got the detail about the 73 variants from a newsletter I subscribe to and their source appears to be this; http://www.eweek.com/article2/0,1759,1907102,00.asp?kc=EWRSS03129TX1K0000614

    I have also seen an article confirming dvk01's point about the risk to the older OS's being less than for 2K onwards. The text for unregistering the affected dll certainly doesn't work for 98!
     
  10. BanditFlyer

    BanditFlyer Thread Starter

    Joined:
    Oct 25, 2005
    Messages:
    12,552
    How about some opinions relating to installing the patch on an enterprise-wide scale?
     
  11. BanditFlyer

    BanditFlyer Thread Starter

    Joined:
    Oct 25, 2005
    Messages:
    12,552
  12. lotuseclat79

    lotuseclat79

    Joined:
    Sep 12, 2003
    Messages:
    20,583
    My AV has caught several instances of the WMF allowing me to quarantine it and cancel out of a bogus download which if I allowed it would save it to disk. Whew! Also, looking at the quarantined items not all of them have the .wmf suffix. Some of them have a suffix of .wm.

    BTW, my AV is PC-Cillin Internet Security 2005.

    -- Tom
     
  13. TOGG

    TOGG

    Joined:
    Apr 2, 2002
    Messages:
    5,863
    This is an interesting, if confusing, update on the AV comparatives check on WMF (this has AVG catching only 13 - big change from 60 in the earlier article, which makes you wonder about how useful these tests are) ; http://www.pcmag.com/article2/0,1895,1907518,00.asp
     
  14. BanditFlyer

    BanditFlyer Thread Starter

    Joined:
    Oct 25, 2005
    Messages:
    12,552
    Good Info. Thanks Tom. I haven't seen any "captures" by Symantec yet, but it is on the list of vendors who are blocking all 73 'sploits so I guess I shouldn't worry too much.
     
  15. TOGG

    TOGG

    Joined:
    Apr 2, 2002
    Messages:
    5,863
    It's Firewallguide.com ; http://www.firewallguide.com/newsletter.htm

    Polak's thread further down the page refers to the Eset patch, which isn't the same as the one discussed in this thread and, apparently, does work with 98/ME.
     

Short URL to this thread: https://techguy.org/431054
