Computer Tips -Tech Info

Microsoft has released the patch for the WMF vulnerability that’s been all over the news early. It was released to http://windowsupdate.microsoft.com ahead of the previously announced January 10th “patch Tuesday”.

Congrats to Microsoft for getting this out the door early. That should go a long ways to blunting the attacks that are making use of this vulnerability.

I’m away from my main PC right now, so I don’t have much other detail and will try to update more as I can.

bulletin from Microsoft here, Patch and details here Sans has installation recommendations here

The security fix is covering as well and Brian did predict MS would release the patch early given all the bad press over waiting until Patch day.

Here’s a walk through of the install suggestions if you have the third party patch and registry work around:

1. Reboot your system to clear any vulnerable files from memory
2. Download and apply the new patch
3. Reboot
4. If you installed one of the unofficial, third-party patches, you may uninstall it by using Add/Remove Programs.
5. Re-register the .dll if you previously unregistered it. To do this:
* Click Start, click Run, type “regsvr32 %windir%system32shimgvw.dll” (without the quotation marks), and then click OK.
* A dialog box appears to confirm that the un-registration process has succeeded. Click OK to close the dialog box.
6. Reboot one more time just for good measure

Looks as though it was released a bit before 5 PM EST this afternoon. Sans has moved the Infocon back down to green for the first time in several days. (I can’t recall how many days straight it’s been at yellow, but it’s the longest stretch at yellow that I can recall.)

Popularity: 1% [?]

   Send article as PDF   

• Microsoft's unpatched security bugs George Ou at ZDnet is mystified (as many of us are) at why Microsoft can't patch ALL their security vulnerabilities. Most of the unpatched vulnerabilities are considered minor (as was the 6 month old bug that in the last week was discovered could be exploited for more than a Denial......
• WMF 0-day update Last night while I was in the midst of infecting a virtual machine, Microsoft issued a release that there's a "possible vulnerability"... fortunately, their technical document is a bit more straightforward... technet advisory here. Spyware Confidential also has a good roundup on the coverage so far. There's a bit more......
• Firefox zero-day vulnerability (or is it?) I saw a comment somewhere else that zero-day was overused and in essense ANY previously unknown vulnerability in open source software is technically zero day... the intent here though is to use the word in this context.... "vulnerability has been released without giving the vendor an opportunity to patch..." Yes,......

• PersonalizationMall.com PersonalizationMall.com was founded in 1998 with headquarters located in Burr Ridge, Illinois. Our goal is to serve our customers by making personalized gift buying quick and easy. Our revolutionary preview technology takes the guess work out of personalization, by allowing you to see what your gift will look like,......
• Microsoft’s Next Move for Windows - Samara Lynn Microsoft has bounced back into good grace from Windows Vista with its latest release of its operating system, Windows 7.  Many Windows-based users have adopted Windows 7, either upgrading from Windows XP or scraping Vista.  In an interesting article titled, “Will Windows 8 Be A Business-Only OS?” from PC Mag,......
• Security News: US report blasts China, Russia for cybercrime; Duqu Malware: Still No Patch; MIT server hijacked in drive-by download campaign US report blasts China, Russia for cybercrime By LOLITA C. BALDOR, Associated Press – 4 hours ago WASHINGTON (AP) — Cyberattacks by Chinese and Russian intelligence services, as well corporate hackers in those countries, have swallowed up large amounts of high-tech American research and development data, and that stolen information......

Similar Posts

• Update on the WMF exploit – more sites to block
• Workaround for the critical WMF zero-day exploit
• WMF exploit situation summary…
• WMF 0-day update
• Microsoft releases official VML patch!!

This entry was posted on Thursday, January 5th, 2006 at 5:32 pm and is filed under Computers, Security, Tech Support, Windows. You can follow any responses to this entry through the RSS 2.0 feed. Responses are currently closed, but you can trackback from your own site.