Microsoft releases patch early for WMF exploit



Microsoft has released the patch for the WMF vulnerability that’s been all over the news early. It was released to http://windowsupdate.microsoft.com ahead of the previously announced January 10th “patch Tuesday”.

Congrats to Microsoft for getting this out the door early. That should go a long ways to blunting the attacks that are making use of this vulnerability.


I’m away from my main PC right now, so I don’t have much other detail and will try to update more as I can.

bulletin from Microsoft here, Patch and details here Sans has installation recommendations here

The security fix is covering as well and Brian did predict MS would release the patch early given all the bad press over waiting until Patch day.

Here’s a walk through of the install suggestions if you have the third party patch and registry work around:

1. Reboot your system to clear any vulnerable files from memory
2. Download and apply the new patch
3. Reboot
4. If you installed one of the unofficial, third-party patches, you may uninstall it by using Add/Remove Programs.
5. Re-register the .dll if you previously unregistered it. To do this:
* Click Start, click Run, type “regsvr32 %windir%system32shimgvw.dll” (without the quotation marks), and then click OK.
* A dialog box appears to confirm that the un-registration process has succeeded. Click OK to close the dialog box.
6. Reboot one more time just for good measure

Looks as though it was released a bit before 5 PM EST this afternoon. Sans has moved the Infocon back down to green for the first time in several days. (I can’t recall how many days straight it’s been at yellow, but it’s the longest stretch at yellow that I can recall.)

Related Posts

Blog Traffic Exchange Related Posts
  • Firefox zero-day vulnerability (or is it?) I saw a comment somewhere else that zero-day was overused and in essense ANY previously unknown vulnerability in open source software is technically zero day... the intent here though is to use the word in this context.... "vulnerability has been released without giving the vendor an opportunity to patch..." Yes,......
  • Windows 98 and ME in final days of support (6 by my count) July 11th will mark the end of Microsoft's support for Windows 98 and ME. Which means that there will be no further security updates for those systems after that date. In SOME ways, those systems may find comfort in the security through obscurity approach as much malware MAY not run......
  • WMF 0-day update Last night while I was in the midst of infecting a virtual machine, Microsoft issued a release that there's a "possible vulnerability"... fortunately, their technical document is a bit more straightforward... technet advisory here. Spyware Confidential also has a good roundup on the coverage so far. There's a bit more......
Blog Traffic Exchange Related Websites
  • Microsoft to deliver free anti-malware to Windows users News from Microsoft - the company is to offer no-cost anti-malware to Windows users and phase-out sales of Windows Live OneCare subscription. Code-named “Morro,” the product, which is scheduled for release during the second half of 2009, will offer protection against viruses, spyware, rootkits and Trojans. From the press release: As......
  • Windows 7 Sales Spike to Overtake Mac OS X [/caption]Proving there is no accounting for taste Microsoft’s latest attempt at a decent operating system, Windows 7, is now running on 5% of the computers online.  The daily average of online users as measured by Internet metrics company Net Applications showed that an increase last week put Windows 7 above......
  • Microsoft to Improve User Access Control in Windows 7 I was just reading a Slashdot article about Microsoft improving User Access Control (UAC) in Windows 7. In the cited PC Pro article, Microsoft engineer Ben Fathi says: We've heard loud and clear that you are frustrated. You find the prompts too frequent, annoying, and confusing. We still want to......
PDF24    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site