WMF vulnerability advisory update



Microsoft has updated their security bulletin on the WMF vulnerability to note a couple things. One, they acknowledge that embedded images within a document can trigger the exploit. Previously they said this needed further investigation. Second, they are seconding what I’ve been finding that Windows 98 and other pre-XP systems are not as critically at risk for this vulnerability….


Although Windows 98, Windows 98 Second Edition, and Windows Millennium Edition do contain the affected component, at this point in the investigation, an exploitable attack vector has not been identified that would yield a Critical severity rating for these versions. Per the support life cycle of these versions, only vulnerabilities of Critical severity would receive security updates. For more information about the security update support policy for these versions of Windows, visit the following Web site.

Unfortunately it’s their reason for not issuing a fix for those platforms, which mens the second unofficial patch mentioned earlier today from an antivirurs company may be the only patch those systems get.

It’s not comforting that they will not release an update because it’s not critical. If you recall there was a recent 0-day explorer exploit that was a variation on an earlier known vulnerability that originally was not deemed critical.

Related Posts

Blog Traffic Exchange Related Posts
  • Mac Wireless driver Security vulnerability revisited A couple weeks ago the hot story was about the demonstration of a vulnerability in a 3rd party wireless card driver on a Mac. The individuals that demonstrated the vulnerability (in a video taped presentation) also claimed that many wireless drivers were vulnerable to this same flaw and it included......
  • Serious Symantec Antivirus Vulnerability A few things to catch up on this afternoon, but first up is a Serious vulnerability in Symantec Antivirus. (It's always serious when security software has a vulnerability.) The securityfix is reporting that a vulnerability has been discovered in the way Symantec deals with rar archived files. A specially made......
  • Windows 2000 Worm vulnerability Apparently, there is an unpatched vulnerability in Windows 2000 that could open the door for a network worm. The details have not been released to give Microsoft time to deal with a patch. (Microsoft is drawing down support commitments to 2000, releasing a batch of updates just before their timeline......
Blog Traffic Exchange Related Websites
  • Prosper Site Update -- Nationwide 36% Except Texas and South Dakota With a banking partner in WebBank, Prosper opens up to a nationwide audience of borrowers.  Their timing couldn't have been better.  Welcome borrowers! (Except Texas and South Dakota) Minimum instant transfer of $50 on 50% of your active loan value is now possible... In my opinion, this change greatly reduces (maybe......
  • Updating My Value Dividend Portfolio One of my favorite parts of my financial “empire” is my Dividend Portfolio (a/k/a Perpetual Income Machine).  While it is not big by any stretch of the imagination worth only a couple grand, I have been throwing more and more money at it per month so I feel that......
  • SecurityOrb’s Top 5 Cyber Security Threat Predictions for 2011 2010 was an attention-grabbing year in the information security industry.  We saw some interesting things such as Google alleged hack by China, Wikileaks and the issues with insider threat and hacktivism, Stuxnet advanced malware implementation and social networking site vulnerabilities as well as our share of zero-day attacks to name......
www.pdf24.org    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site