Microsoft has released the patch for the WMF vulnerability that’s been all over the news early. It was released to http://windowsupdate.microsoft.com ahead of the previously announced January 10th “patch Tuesday”.
Congrats to Microsoft for getting this out the door early. That should go a long ways to blunting the attacks that are making use of this vulnerability.
I’m away from my main PC right now, so I don’t have much other detail and will try to update more as I can.
The security fix is covering as well and Brian did predict MS would release the patch early given all the bad press over waiting until Patch day.
Here’s a walk through of the install suggestions if you have the third party patch and registry work around:
1. Reboot your system to clear any vulnerable files from memory
2. Download and apply the new patch
4. If you installed one of the unofficial, third-party patches, you may uninstall it by using Add/Remove Programs.
5. Re-register the .dll if you previously unregistered it. To do this:
* Click Start, click Run, type “regsvr32 %windir%system32shimgvw.dll” (without the quotation marks), and then click OK.
* A dialog box appears to confirm that the un-registration process has succeeded. Click OK to close the dialog box.
6. Reboot one more time just for good measure
Looks as though it was released a bit before 5 PM EST this afternoon. Sans has moved the Infocon back down to green for the first time in several days. (I can’t recall how many days straight it’s been at yellow, but it’s the longest stretch at yellow that I can recall.)
Related PostsRelated Posts
- Zero-day ( 0-day) Microsoft Word exploit There was some news on this last night at Incidents.org, today F-secure has some details as well on the trojan that's dropped in this circulating, exploit. It seems as though the initial attack was very targetted against a specific organization. Antivirus packages did not recognize the trojan that the exploit......
- WMF 0-day update Last night while I was in the midst of infecting a virtual machine, Microsoft issued a release that there's a "possible vulnerability"... fortunately, their technical document is a bit more straightforward... technet advisory here. Spyware Confidential also has a good roundup on the coverage so far. There's a bit more......
- Windows 98 and ME in final days of support (6 by my count) July 11th will mark the end of Microsoft's support for Windows 98 and ME. Which means that there will be no further security updates for those systems after that date. In SOME ways, those systems may find comfort in the security through obscurity approach as much malware MAY not run......
- Musician Profile for Joan Chandos Baez Who is Joan Chandos Baez? Brief Bio: Joan Chandos Baez was born on January 9 in 1941 in Staten Island, New York. She is an American folk singer and songwriter that is best known for an individual vocal style as well as her three octave vocal range. Many of her......
- Microsoft’s Next Move for Windows - Samara Lynn Microsoft has bounced back into good grace from Windows Vista with its latest release of its operating system, Windows 7. Many Windows-based users have adopted Windows 7, either upgrading from Windows XP or scraping Vista. In an interesting article titled, “Will Windows 8 Be A Business-Only OS?” from PC Mag,......
- Indiana 9th District House Race Updates: Barron Hill and Todd Young To view other TCJ Research Polls released today, click HERE. To read our full analysis of how and why Republicans will take the Senate, click HERE. Republican Todd Young faces off against Democrat Barron Hill in this highly contested house race. Incumbent Hill has been under fire recently for his comments at......
- Update on the WMF exploit – more sites to block
- Workaround for the critical WMF zero-day exploit
- WMF exploit situation summary…
- WMF 0-day update
- Microsoft releases official VML patch!!