WMF unofficial patch updated



There’s been an update to the unofficial patch for the WMF (Windows MetaFile) vulnerability. The main change appears to be some options to allow for quiet installation (unattended) to help administrators in large environments try to roll the patch out in automated login scripts/etc.

It can be found here or at the incidents.org site.


My biggest question at this point is how long before Microsoft releases a patch and how similar it will be to the unofficial patch. I’m sure they want to do some quality control testing on anything they release so it’s thoroughly tested, but…. I would have thought with a severe problem they might have published a “this should solve the problem but it may have other unintended consequences” stopgap.

Hopefully there will be an official patch this week, but don’t hold your breath.

I saw someone comment that Microsoft should pay the “unofficial patcher…” to incorporate his fix into theirs. You would think that his work would make what they’re trying to do easier. One thing though, Microsoft has traditionally seemed slow to swallow it’s pride and accept anything from outside their walls as a good thing. It’s going to be an interesting week or two, no doubt….

Related Posts

Blog Traffic Exchange Related Posts
  • WMF patch from Microsoft expected January 10th The Microsoft security bulletin on the WMF vulnerability has been updated to indicate that Microsoft expects to release an update for the issue in their regular patch release on January 10th. The first couple paragraphs strike me as a bit defensive. Explaining about their immediate mobilization of Incident Response and......
  • Update on the Internet Explorer VML vulnerability Just catching up on the days VML vulnerability news from today.... It looks as though... the exploit is now MUCH more widespread this blog has some video of an infection, what's notable is that the first take was VERY UNEVENTFUL, it was used to stealthily install a keylogger. (So that......
  • Microsoft's speed to get security patches out Brian Krebs at the Security Fix has done an interesting study related to how long it takes Microsoft to release a security fix for a problem, starting from the time they are notified of the security vulnerability. For the most part, 134.5 days has been the window between notification and......
Blog Traffic Exchange Related Websites
  • Fishing Report: September 11, 2009 Here is a look at what’s happening in terms of fishing for the week. Local Ocean Fishing – There was a decent calm on the water over the span of the weekend, enough it seems to have attracted skiffs out of the harbor and into the sea. Miles offshore, they......
  • Weekly Round-Up: Post Holiday Sickness Edition Well, it's official: I'm sick.  I probably shouldn't be too surprised; Sondra was sick most of the week after Christmas (with me serving as designated caretaker/tea maker) and when she was feeling better, I went out to see my mother and sisters, who were just getting over their own illness......
  • Microsoft to Improve User Access Control in Windows 7 I was just reading a Slashdot article about Microsoft improving User Access Control (UAC) in Windows 7. In the cited PC Pro article, Microsoft engineer Ben Fathi says: We've heard loud and clear that you are frustrated. You find the prompts too frequent, annoying, and confusing. We still want to......
PDF24    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site