- WMF patch available now
- Posted by Wesley Vogel on January 5th, 2006
Microsoft Security Bulletin MS06-001
Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution
(912919)
http://www.microsoft.com/technet/sec.../ms06-001.mspx
--
Hope this helps. Let us know.
Wes
MS-MVP Windows Shell/User
- Posted by WTC on January 5th, 2006
Thanks Wesley for the heads up.
--
William
"Wesley Vogel" <123WVogel955@comcast.net> wrote in message
news:OoXemujEGHA.1240@TK2MSFTNGP09.phx.gbl...
> Microsoft Security Bulletin MS06-001
> Vulnerability in Graphics Rendering Engine Could Allow Remote Code
> Execution
> (912919)
> http://www.microsoft.com/technet/sec.../ms06-001.mspx
>
> --
> Hope this helps. Let us know.
>
> Wes
> MS-MVP Windows Shell/User
>
- Posted by Wesley Vogel on January 5th, 2006
Your Welcome, William.
I downloaded and installed it. Now I am a little safer until the next
exploit.
--
Hope this helps. Let us know.
Wes
MS-MVP Windows Shell/User
In news:eakdOWkEGHA.2912@tk2msftngp13.phx.gbl,
WTC <bcrawfordjr(remove)@hotmail.com> hunted and pecked:
> Thanks Wesley for the heads up.
>
> --
> William
>
> "Wesley Vogel" <123WVogel955@comcast.net> wrote in message
> news:OoXemujEGHA.1240@TK2MSFTNGP09.phx.gbl...
>> Microsoft Security Bulletin MS06-001
>> Vulnerability in Graphics Rendering Engine Could Allow Remote Code
>> Execution
>> (912919)
>> http://www.microsoft.com/technet/sec.../ms06-001.mspx
>>
>> --
>> Hope this helps. Let us know.
>>
>> Wes
>> MS-MVP Windows Shell/User
- Posted by John Waller on January 5th, 2006
> I downloaded and installed it. Now I am a little safer until the next
> exploit.
From the exploit itself?
or from passionately discussed threads in this forum on Microsoft's delay in
releasing the patch?
:-)
--
Regards
John Waller
- Posted by jopa66 on January 5th, 2006
I see your smiley there, but can we not give credit where credit is due?
When Microsoft made the corporate decision to release updates on a monthly
schedule, it was not only for their benefit but the entire IT infrastructure
as well. They also stated to the sort that if a situation warranted an
update outside of the normal schedule, they would release it ASAP,
regardless of the schedule. This patch has been released 5 days ahead of
January's scheduled updates. I am not a programmer but, I imagine that it
takes time to code and thoroughly test these patches. They did provide a
temporary workaround very soon after they became aware of the exploit. I can
remember the days when patches were released too soon, resulting in the
necessity to re-patch the patches. Certainly not good for their corporate
image! I'm not proposing that Microsoft (or any company or person for that
matter) is beyond reproach but, I do see this situation as responsible
action and fulfillment of a promise.
--
~john aka: jopa
"John Waller" <johnw@REMOVETHISpinnacleweb.com.au> wrote in message
news:OD%23Ne5kEGHA.2712@TK2MSFTNGP10.phx.gbl...
>> I downloaded and installed it. Now I am a little safer until the next
>> exploit.
>
> From the exploit itself?
>
> or from passionately discussed threads in this forum on Microsoft's delay
> in releasing the patch?
>
> :-)
>
> --
> Regards
>
> John Waller
>
- Posted by Mike Hall \(MS-MVP\) on January 6th, 2006
John
Accept the patch in good faith..
--
Mike Hall
MVP - Windows Shell/User
"John Waller" <johnw@REMOVETHISpinnacleweb.com.au> wrote in message
news:OD%23Ne5kEGHA.2712@TK2MSFTNGP10.phx.gbl...
>> I downloaded and installed it. Now I am a little safer until the next
>> exploit.
>
> From the exploit itself?
>
> or from passionately discussed threads in this forum on Microsoft's delay
> in releasing the patch?
>
> :-)
>
> --
> Regards
>
> John Waller
>
- Posted by Rock on January 6th, 2006
John Waller wrote:
>>I downloaded and installed it. Now I am a little safer until the next
>>exploit.
>
>
> From the exploit itself?
>
> or from passionately discussed threads in this forum on Microsoft's delay in
> releasing the patch?
>
> :-)
>
What deley. They were quite timely IMO.
--
Rock
MS MVP Windows - Shell/User
- Posted by Wesley Vogel on January 6th, 2006
What's SP2?
Seriously, I do have a new case, power supply and DVD burner anxiously
awaiting all the other components. Decisions, decisions.
--
Hope this helps. Let us know.
Wes
MS-MVP Windows Shell/User
In news:%23XqPdlkEGHA.2544@TK2MSFTNGP11.phx.gbl,
Saucy Lemon <saucy@s.can.be> hunted and pecked:
> Wesley Vogel wrote:
>> Your Welcome, William.
>>
>> I downloaded and installed it. Now I am a little safer until the next
>> exploit.
>>
>>
>> In news:eakdOWkEGHA.2912@tk2msftngp13.phx.gbl,
>> WTC <bcrawfordjr(remove)@hotmail.com> hunted and pecked:
>>> Thanks Wesley for the heads up.
>>>
>>> --
>>> William
>>>
>>> "Wesley Vogel" <123WVogel955@comcast.net> wrote in message
>>> news:OoXemujEGHA.1240@TK2MSFTNGP09.phx.gbl...
>>>> Microsoft Security Bulletin MS06-001
>>>> Vulnerability in Graphics Rendering Engine Could Allow Remote Code
>>>> Execution
>>>> (912919)
>>>> http://www.microsoft.com/technet/sec.../ms06-001.mspx
>>>>
>>>> --
>>>> Hope this helps. Let us know.
>>>>
>>>> Wes
>>>> MS-MVP Windows Shell/User
>
> This .WMF exploit would fail against a modern CPU with the no-execute bit
> if Windows XP2's DEP is enabled. If you are of the sort to be concerned,
> and you like to upgrade, here is a real excuse to do so. All the newer
> AMD and Intel CPUs have the no-execute bit. This combined with DEP makes
> buffer overrrun exploits a thing of the past for the most part. The
> current .WMF exploit doesn't work against such a combination.
- Posted by Rick on January 6th, 2006
WTC wrote:
> Thanks Wesley for the heads up.
>
Just be sure you delete it before inatalling Microsoft's patch.
Rick
- Posted by WTC on January 6th, 2006
"Rick" <fsholbrook@yahoo.com> wrote in message
news:%23Ei5yJmEGHA.268@TK2MSFTNGP09.phx.gbl...
> WTC wrote:
>> Thanks Wesley for the heads up.
>>
> Just be sure you delete it before inatalling Microsoft's patch.
>
Please elaborate....delete what? Or are you just assuming things about my
computer's health?
--
William
- Posted by John Waller on January 6th, 2006
> What deley.
I should have said alleged delay, which some were vehemently claiming.
>They were quite timely IMO.
I agree.
--
Regards
John Waller
- Posted by John Waller on January 6th, 2006
> Accept the patch in good faith..
Done and installed.
I think Microsoft responded well.
--
Regards
John Waller
- Posted by Shane on January 6th, 2006
> I can remember the days when patches were released too soon, resulting in
> the necessity to re-patch the patches.
Well you don't have to remember far, then. Certainly patches have been
released and then revised, since scheduled monthly releases became the norm,
because the original caused problems. If such has now been rectified it's
still too soon to be cited as evidence of the schedule's efficacy. It's a
shame the posters ignored that fact when eagerly agreeing with your
timeliness point (which I don't disagree with, I'm just not biased enough to
tacitly agree with your entire argument).
Shane
--
The Sugitive
Chapter One: http://tinyurl.com/bcevp
Chapter Two: http://tinyurl.com/ag92o
Chapter Three: Coming to an URL near you soon!
------------------------------------
- Posted by jopa66 on January 6th, 2006
Yes. Well I didn't mean it to sound like everything is perfect in today's
world. It's just that before the schedule, it seemed that sometimes we were
barraged with countless random patches and re-patches. I'm just glad that
today they seem to be more careful with what they do release, even if that
means we must wait a little longer for the updates. I'm hoping at least that
this is a trend that will carry forward.
--
~john aka: jopa
"Shane" <shanebeatson@gmail.com> wrote in message
news:OfuEMUqEGHA.3064@TK2MSFTNGP10.phx.gbl...
>> I can remember the days when patches were released too soon, resulting in
>> the necessity to re-patch the patches.
>
> Well you don't have to remember far, then. Certainly patches have been
> released and then revised, since scheduled monthly releases became the
> norm, because the original caused problems. If such has now been rectified
> it's still too soon to be cited as evidence of the schedule's efficacy.
> It's a shame the posters ignored that fact when eagerly agreeing with your
> timeliness point (which I don't disagree with, I'm just not biased enough
> to tacitly agree with your entire argument).
>
>
> Shane
>
> --
>
>
> The Sugitive
>
> Chapter One: http://tinyurl.com/bcevp
>
> Chapter Two: http://tinyurl.com/ag92o
>
> Chapter Three: Coming to an URL near you soon!
>
> ------------------------------------
>
>
- Posted by cquirke (MVP Windows shell/user) on January 8th, 2006
On Fri, 6 Jan 2006 15:05:14 +1030, "John Waller"
>> What deley.
>I should have said alleged delay, which some were vehemently claiming.
>>They were quite timely IMO.
They did the best they could, but the fact is, this defect was found
and exploited In The Wild before a patch was available.
This should serve as a heads-up that one cannot rely on patching
defects later, as a foolproof way to avoid malware that exploits them.
The target remains defect-free design and code, and I still don't see
as serious committment to that as some might like.
>---------- ----- ---- --- -- - - - -
Don't pay malware vendors - boycott Sony
>---------- ----- ---- --- -- - - - -
