Re: Microsoft patch for WMF vulnerability

Re: Microsoft patch for WMF vulnerability: Posted by Art on January 5th, 2006; On Thu, 05 Jan 2006 20:16:46 +0000, Adam Piggott
<usenet@proactiveservices.co.invalid> wrote:

For Win 2K and later. From the FAQ concerning Win 9X/ME:
*************************************************
Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE),
and Microsoft Windows Millennium Edition (ME) were previously
listed as affected, but are no longer listed. Why is that?

Although Windows 98, Windows 98 Second Edition, and Windows
Millennium Edition do contain the affected component, at this
point in the investigation, an exploitable attack vector has
not been identified that would yield a Critical severity rating
for these versions. Per the support life cycle of these versions,
only vulnerabilities of Critical severity would receive security
updates.
*************************************************
I've installed the NOD32 fix on my Win ME PC, and it looks like
it will stay

Art

http://home.epix.net/~artnpeg; Posted by David H. Lipman on January 5th, 2006; From: "Art" <null@zilch.com>

|
| For Win 2K and later. From the FAQ concerning Win 9X/ME:
| *************************************************
| Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE),
| and Microsoft Windows Millennium Edition (ME) were previously
| listed as affected, but are no longer listed. Why is that?
|
| Although Windows 98, Windows 98 Second Edition, and Windows
| Millennium Edition do contain the affected component, at this
| point in the investigation, an exploitable attack vector has
| not been identified that would yield a Critical severity rating
| for these versions. Per the support life cycle of these versions,
| only vulnerabilities of Critical severity would receive security
| updates.
| *************************************************
| I've installed the NOD32 fix on my Win ME PC, and it looks like
| it will stay
|
| Art
|
| http://home.epix.net/~artnpeg

I'm with you Art !

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm; Posted by louise on January 5th, 2006; »Q« wrote:

I'm nervous about trusting a Microsoft patch that they
rushed out to say they fixed it fast. Many of their "fixes"
have been to known to be very problematic.

Any thoughts on leaving the Gibson patch and waiting for the
Microsoft patch to be be tested in real life?

TIA

Louise; Posted by David H. Lipman on January 5th, 2006; From: "louise" <louise@nospam.com>

| I installed the fix on Gibson's site.
|
| I'm nervous about trusting a Microsoft patch that they
| rushed out to say they fixed it fast. Many of their "fixes"
| have been to known to be very problematic.
|
| Any thoughts on leaving the Gibson patch and waiting for the
| Microsoft patch to be be tested in real life?
|
| TIA
|
| Louise

Their fix is a replacement of gdi32.dll. That's it. I think itt can be trusted until
someone else finds a vulnerability and exploits it. This goes back to Gdiplus.dll...

Microsoft Security Bulletin MS04-028
Buffer Overrun in JPEG Processing Could Allow Code Execution (833987)
http://www.microsoft.com/technet/sec.../MS04-028.mspx

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm; Posted by Boris Mohar on January 5th, 2006; On Thu, 05 Jan 2006 22:05:48 GMT, "David H. Lipman"
<DLipman~nospam~@Verizon.Net> wrote:

While stumbling around on MS website looking for the bloody update I finally
ended up wit this message:

"Thank you for your interest in obtaining updates from our site.

To use this site, you must be running Microsoft Internet Explorer 5 or later.

To upgrade to the latest version of the browser, go to the Internet Explorer
Downloads website."

WTF? Does this mean that I cannot update without IE? I am using Firefox.

--

Boris Mohar; Posted by David H. Lipman on January 5th, 2006; From: "Boris Mohar" <borism_-void-_@sympatico.ca>

|
| While stumbling around on MS website looking for the bloody update I finally
| ended up wit this message:
|
| "Thank you for your interest in obtaining updates from our site.
|
| To use this site, you must be running Microsoft Internet Explorer 5 or later.
|
| To upgrade to the latest version of the browser, go to the Internet Explorer
| Downloads website."
|
| WTF? Does this mean that I cannot update without IE? I am using Firefox.
|

Almots...

KB912919
http://www.microsoft.com/downloads/d...DisplayLang=en

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm; Posted by Art on January 5th, 2006; On Thu, 05 Jan 2006 18:05:44 -0500, Boris Mohar
<borism_-void-_@sympatico.ca> wrote:

Why not use IE6 for Windows Update? You don't have use it for anything
else, or make it the default browser. Since getting all patches is
important, using IE and WU is really the only way to go.

Art

http://home.epix.net/~artnpeg; Posted by Boris Mohar on January 5th, 2006; On Thu, 05 Jan 2006 23:25:02 GMT, "David H. Lipman"
<DLipman~nospam~@Verizon.Net> wrote:

Thank you Sir.

--

Boris Mohar; Posted by Luke on January 6th, 2006; On Thu, 05 Jan 2006 21:18:18 GMT, Art <null@zilch.com> wrote:

And "Critical severity" is defined by MS as:

http://www.microsoft.com/technet/sec...in/rating.mspx

"The Severity Rating System

The severity rating system provides a single rating for each
vulnerability. The definitions of the ratings are:

Rating Definition

Critical A vulnerability whose exploitation could allow the
propagation of an Internet worm without user action."

In English: If you have to click AND it isn't a worm it ain't
Critical.

Same here. May substitute Steve Gibson's patch when he releases it.

--
Luke
__________________________________________________ ____________________
"Warrants? We ain't got no warrants. We don't need no warrants. I
don't have to show you any stinkin' warrants."
-- George W. Bush, December 18, 2005; Posted by Steve Pope on January 6th, 2006; Microsoft has revised its webpage for Security Advisory 912840
to point to the new patch.

Unfortunately, this means they have removed from their site
the information on how to un-do the regsvr32 -u command they were
telling you to perform a couple days ago.

Steve; Posted by Todd H. on January 6th, 2006; spope33@speedymail.org (Steve Pope) writes:

Luckily it's simple. Just drop the -u.

--
Todd H.
http://www.toddh.net/; Posted by Steve Pope on January 6th, 2006; Todd H. <comphelp@toddh.net> wrote:

Yes thanks.

Steve; Posted by Art on January 7th, 2006; On Sat, 07 Jan 2006 15:32:08 GMT, Sean Cousins <spam@off.invalid>
wrote:

http://www.nod32.ch/en/download/tools.php

Art

http://home.epix.net/~artnpeg; Posted by Art on January 7th, 2006; On Sat, 07 Jan 2006 15:35:36 GMT, Sean Cousins <spam@off.invalid>
wrote:

No. You must d/l and install the MS patch.

Art

http://home.epix.net/~artnpeg; Posted by David H. Lipman on January 7th, 2006; From: "Sean Cousins" <spam@off.invalid>

| On Thu, 05 Jan 2006 22:41:45 GMT, "David H. Lipman"
| <DLipman~nospam~@Verizon.Net> wrote:
|
| Does that mean if I was to run "sfc /scannow" it would replace the new
| version with the old version?

It puts a copy in the DLL Cache and it updates the Registry with the info on the patch
installation so I don't think so.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

Similar Posts

Re: WMF Vulnerability patch for win98 etc., REALTIME LOG (Computer Security) by see.my.sig.4.addr@nowhere.com.invalid
MS Patch release for Embedded Web Fonts code execution vulnerability (Computer Security) by Winged
Alternate WMF vulnerability patch for WinNT,2000,XP, 2003 systems (Virus & Worms) by Ian Kenefick
Re: Microsoft patch for WMF vulnerability (Virus & Worms) by Heather
!Patch for IE input validation error vulnerability... (Computer Security) by Max Burke