Interim WMF Exploit Savior


01.04.06 (9:11 am)
We've all been following the dramatic story of the WMF exploit and how easily it is spoofed into other image types. On the last day of 2005 the WMF exploit exploded into various other venues such as instant messages, email, and more. Various tools have been set up to try to catch or filter out the WMF exploit, but last night it mutated. The newest variations change the header and tail of the WMF exploit, making its signature difficult to locate.

Technical details: "this is a DLL which gets injected to all processes loading user32.dll. It patches the Escape() function in gdi32.dll. The result of the patch is that the SETABORT escape sequence is not accepted anymore."

Once Microsoft releases an official patch, or if the above doesn't work, you can uninstall it from your Add/Remove Programs menu. It'll be listed as "Windows WMF Metafile Vulnerability HotFix".

The Internet Storm Center gives this patch its stamp of approval:

We have very carefully scrutinized this patch. It does only what is advertised, it is reversible, and, in our opinion, it is both safe and effective.

The word from Redmond isn't encouraging. We've heard nothing to indicate that we're going to see anything from Microsoft before January 9th.

The upshot is this: You cannot wait for the official MS patch, you cannot block this one at the border, and you cannot leave your systems unprotected.

So there you have it: don't trust the firewall filters, don't trust the antivirus vendors, and don't wait for Microsoft. Install the patch immediately. If you are running a Windows operating system the patch doesn't support, it is time to shut it off and wait.


This is a bad one, folks. Install this patch, and be EXTREMELY careful. I would even disable preview in your mail client, if you use one.

http://castlecops.com/a6436-Newest_WMF_Exploit_Patch_Saves_the_Day.html
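
The hotfix quoted under "Technical details" refuses SETABORT inside Escape() at run time; a filter can look for the same escape in a file by walking the metafile's records instead of matching header or tail bytes. This is an added example, not code from the original post or from the hotfix: it assumes the standard WMF record layout (18-byte header, META_ESCAPE = 0x0626, SETABORTPROC = 9), and `scan_wmf`, `record` and the sample byte strings are constructed for illustration.

```python
import struct

PLACEABLE_MAGIC = 0x9AC6CDD7  # optional 22-byte placeable header
META_EOF, META_ESCAPE = 0x0000, 0x0626  # META_ESCAPE records are passed to Escape()
SETABORTPROC = 0x0009  # the escape the quoted description calls SETABORT

def scan_wmf(data: bytes) -> str:
    """Classify a byte string as 'clean', 'setabortproc' or 'malformed'."""
    off = 0
    if len(data) >= 4 and struct.unpack_from("<I", data)[0] == PLACEABLE_MAGIC:
        off = 22
    if len(data) < off + 18:
        return "malformed"
    ftype, hdr_words = struct.unpack_from("<HH", data, off)
    if ftype not in (1, 2) or hdr_words != 9:
        return "malformed"
    off += 18
    while off + 6 <= len(data):
        size_words, func = struct.unpack_from("<IH", data, off)
        end = off + size_words * 2
        if size_words < 3 or end > len(data):
            return "malformed"  # record length does not fit the file
        if func == META_ESCAPE and size_words >= 4:
            if struct.unpack_from("<H", data, off + 6)[0] == SETABORTPROC:
                return "setabortproc"
        if func == META_EOF:
            return "clean"
        off = end
    return "malformed"  # no EOF record: treat as not clean

def record(func: int, params: bytes = b"") -> bytes:
    """Build one record: size in 16-bit words, function code, parameters."""
    return struct.pack("<IH", (6 + len(params)) // 2, func) + params

# Constructed sample inputs (no escape data attached), not captured files.
HEADER = struct.pack("<HHHIHIH", 1, 9, 0x0300, 0, 0, 0, 0)
BENIGN = HEADER + record(0x0103, struct.pack("<H", 8)) + record(META_EOF)  # META_SETMAPMODE
FLAGGED = HEADER + record(META_ESCAPE, struct.pack("<HH", SETABORTPROC, 0)) + record(META_EOF)
TRUNCATED = FLAGGED[:-8]

if __name__ == "__main__":
    for name, blob in [("benign", BENIGN), ("flagged", FLAGGED), ("truncated", TRUNCATED)]:
        print(name, scan_wmf(blob))
```

The scanner classifies by content, so a renamed file extension does not change the result; anything other than 'clean' should be held back by the filter.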