Survey: WMF Vulnerability - Unofficial Patch

Have you installed the _Unofficial_ WMF Vulnerability patch


  • Total voters
    12
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
Normally I would NEVER advise unofficial patches BUT this one is the exception and I strongly recommend NOT waiting for M$ on this one as the risk is just too high

As far as we can tell no problems should arise from installing the patch ( the only very slight possibility is that some printers MIGHT not print certain types of images correctly)

Provided you uninstall thsi patch before installing teh M$ one when it comes out you should be OK
 
Joined
Feb 15, 2004
Messages
12,302
I tried it and it screwed up my mozilla browser and opera browser so I had to uninstall it to reinstall the browsers, I then unregisterd the dll until MS officiall patch arives!
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
khazars said:
I tried it and it screwed up my mozilla browser and opera browser so I had to uninstall it to reinstall the browsers, I then unregisterd the dll until MS officiall patch arives!

never seen that before

works for FF for me & countless others and I know many Opera users who have installed it with no probs

what OS are you using

might be an idea to post on teh CC board about it

CC have set up a special board to deal with comments and bugs

http://castlecops.com/f212-Hexblog.html
 
Joined
Feb 15, 2004
Messages
12,302
Derek, false alarm, I installed it again and everything is ok! I guess it was proxomitron playing up again!
 
Joined
Apr 2, 2002
Messages
5,945
I d/l it but then had doubts if it would work with 98.

Eset (NOD) are offering a patch (not sure if it's a variant of the Guilfanov one) but I don't think I'll use that either.

NOD apparently catches the 73 known WMF variants (so far); http://www.eset.com/about/press.htm#media (to be fair, I think Avast, Norton, Mcafee and several others performed as well, but not AVG).
 

BanditFlyer

Thread Starter
Joined
Oct 25, 2005
Messages
12,552
TOGG said:
I d/l it but then had doubts if it would work with 98.

Eset (NOD) are offering a patch (not sure if it's a variant of the Guilfanov one) but I don't think I'll use that either.

NOD apparently catches the 73 known WMF variants (so far); http://www.eset.com/about/press.htm#media (to be fair, I think Avast, Norton, Mcafee and several others performed as well, but not AVG).
I tried searchiing the symantec website for "WMF" but all the links the search brought up were from before Dec 27, so I assumed that Symantec, which owns Norton, hadn't done anything about it yet.

Where did you get your info? I found out about the vulnerability for the updatexp newsletter, but it looks like I'm missing out on a lot of good info(thank goodness for TSG!!).
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
TOGG said:
I d/l it but then had doubts if it would work with 98.

Eset (NOD) are offering a patch (not sure if it's a variant of the Guilfanov one) but I don't think I'll use that either.

NOD apparently catches the 73 known WMF variants (so far); http://www.eset.com/about/press.htm#media (to be fair, I think Avast, Norton, Mcafee and several others performed as well, but not AVG).

Aparantly 98 isn't so easily affected as it uses a different version of the gdi32.dll that is a the root of the problem and also doesn't have picture & fax viewer built in but is is still at risk from what I can find out

The patches are NOT designed for 98/ME
 

BanditFlyer

Thread Starter
Joined
Oct 25, 2005
Messages
12,552
How about some opinions relating to installing the patch on an enterprise-wide scale?
 
Joined
Sep 12, 2003
Messages
20,583
My AV has caught several instances of the WMF allowing me to quarantine it and cancel out of a bogus download which if I allowed it would save it to disk. Whew! Also, looking at the quarantined items not all of them have the .wmf suffix. Some of them have a suffix of .wm.

BTW, my AV is PC-Cillin Internet Security 2005.

-- Tom
 

BanditFlyer

Thread Starter
Joined
Oct 25, 2005
Messages
12,552
lotuseclat79 said:
My AV has caught several instances of the WMF allowing me to quarantine it and cancel out of a bogus download which if I allowed it would save it to disk. Whew! Also, looking at the quarantined items not all of them have the .wmf suffix. Some of them have a suffix of .wm.

BTW, my AV is PC-Cillin Internet Security 2005.

-- Tom
Good Info. Thanks Tom. I haven't seen any "captures" by Symantec yet, but it is on the list of vendors who are blocking all 73 'sploits so I guess I shouldn't worry too much.
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Members online

Top