Microsoft has released the patch for the WMF vulnerability that’s been all over the news early. It was released to http://windowsupdate.microsoft.com ahead of the previously announced January 10th “patch Tuesday”.
Congrats to Microsoft for getting this out the door early. That should go a long ways to blunting the attacks that are making use of this vulnerability.
I’m away from my main PC right now, so I don’t have much other detail and will try to update more as I can.
The security fix is covering as well and Brian did predict MS would release the patch early given all the bad press over waiting until Patch day.
Here’s a walk through of the install suggestions if you have the third party patch and registry work around:
1. Reboot your system to clear any vulnerable files from memory
2. Download and apply the new patch
4. If you installed one of the unofficial, third-party patches, you may uninstall it by using Add/Remove Programs.
5. Re-register the .dll if you previously unregistered it. To do this:
* Click Start, click Run, type “regsvr32 %windir%system32shimgvw.dll” (without the quotation marks), and then click OK.
* A dialog box appears to confirm that the un-registration process has succeeded. Click OK to close the dialog box.
6. Reboot one more time just for good measure
Looks as though it was released a bit before 5 PM EST this afternoon. Sans has moved the Infocon back down to green for the first time in several days. (I can’t recall how many days straight it’s been at yellow, but it’s the longest stretch at yellow that I can recall.)
Related PostsRelated Posts
- WMF 0-day update Last night while I was in the midst of infecting a virtual machine, Microsoft issued a release that there's a "possible vulnerability"... fortunately, their technical document is a bit more straightforward... technet advisory here. Spyware Confidential also has a good roundup on the coverage so far. There's a bit more......
- Microsoft's unpatched security bugs George Ou at ZDnet is mystified (as many of us are) at why Microsoft can't patch ALL their security vulnerabilities. Most of the unpatched vulnerabilities are considered minor (as was the 6 month old bug that in the last week was discovered could be exploited for more than a Denial......
- Adobe Acrobat reader update On the heels of yesterdays massive update day from Microsoft, Adobe has released an update for the free Adobe Reader. The Adobe reader is one of those ALMOST essential applications that MOST everyone has installed. So, this will be of particular interest to MOST computer users. A SERIOUS security flaw......
- Paying Debt Collection The FTC had over seventy thousand complaints in 2007 leveled against debt collectors, third party agencies that collect debts for various businesses and banks. It can go without saying that not all debt collectors follow the rules. Here is some info that can help you to deal with (or not......
- Windows 7 Sales Spike to Overtake Mac OS X [/caption]Proving there is no accounting for taste Microsoftâs latest attempt at a decent operating system, Windows 7, is now running on 5% of the computers online.Â The daily average of online users as measured by Internet metrics company Net Applications showed that an increase last week put Windows 7 above......
- April 3, 2010, iPad Release Day: Unboxing iPad Wi-Fi 64GB Release Day On April 3, 2010, Apple released the ipad, and I had one reserved at the local Apple store, a . I picked it up as well as an , which I have since exchanged for the . Caffeine Line Even having reserved the ipad, on release day all......
- Update on the WMF exploit – more sites to block
- Workaround for the critical WMF zero-day exploit
- WMF exploit situation summary…
- WMF 0-day update
- Microsoft releases official VML patch!!