It seems the WMF patch that was recently released for Windows 2000 and XP (and 2003) has been ported to Microsoft Windows Vista Beta…. This makes it the first security patch for Vista. eweek has an article on the issue. So, if you’re beta testing Vista, get it updated ASAP. Hopefully though, if you’re beta-testing it’s not a production machine and no great loss if you get infested with beaucoup spyware….
Tag: Windows
-
Direct links to international broadcasters audio streams
I’ve posted several things over at the onlineradiotv.com site. For starters I’ve got links to a few international (shortwave) broadcasters live audio streams and where available their “latest” english news update (and in some cases spanish and other languages.) I’ve also started posting some bash scripts there that can directly start mplayer streaming a feed.
-
Another Win98 patch for WMF vulnerability
There’s another patch for those Win98 users that are nervous about the WMF vulnerability that was announced at the tail end of the year. This site has made the patched version of gdi32.dll available to any and all. Their patch is open source. They basically say “it works for them…” no warranties. Steve Gibson has also said that he’ll be writing a Win9x patch.
-
Tools of the trade – Compactflash card reader
I’ve probably mentioned before that I like the compactflash format for “digital media”. My camera uses Compactflash, so does the nexia audio player I use and the old used pda I’ve got, uses compactflash, so…. I have a variety of cards around, I’ve got an 8MB, 32MB, 64MB, 128MB, 512MB and 1024MB card around somewhere. With all those cards and just three devices…. well, when I started thinking “usb memory stick” to replace floppy discs to move files from one machine to another… I thought, why should I pay for something with the memory built in… so, I found something that did well….
-
Windows Wireless vulnerability
Brian Krebs has a post today on a Windows wireless networking “feature” which can be somewhat of a security risk. You see, it seems that With wireless networking enabled, Windows remembers the last wireless SSID that you connected to, so let’s say you were at a public Wireless access point called “Bob’s hotel” and you carry your laptop somewhere else. When the machine boots up, Windows tries to find “Bob’s hotel”, but of course, it’s not available at this other location, so… it assigns a 169.254.x.x ip address and broadcasts looking for “Bob’s hotel” the most recent wireless lan.
-
MS responds to “intentional backdoor”, WMF claim
Microsoft is disputing claims by Steve Gibson, that the WMF vulnerability was an intentionally placed backdoor. There is a response to the claims in the Microsoft Security Incident Response blog. Apparently since the SetAbortProc procedure relates to printing, previous versions of Windows ignored the call unless printing was involved. (Why did windows start paying attention to it otherwise?)
-
WMF vulnerability not an accident? Was it an intentional backdoor?
I’m not quite sure if I’m willing to attribute to design, what I could attribute to a mistake… but, slashdot has pointed out that Steve Gibson in his latest Security Now! podcast (link is to transcript), is suggesting that it appears as though the WMF vulnerability of recent weeks appears (to him) to have been INTENTIONALLY included as a means of a remote backdoor.
-
Microsoft’s speed to get security patches out
Brian Krebs at the Security Fix has done an interesting study related to how long it takes Microsoft to release a security fix for a problem, starting from the time they are notified of the security vulnerability. For the most part, 134.5 days has been the window between notification and vulnerability patching for the last 2 years from Microsoft. (That is for vulnerabilities that were submitted to Microsoft through the normal process…)
-
Codeweavers fixes WMF vulnerability in Crossover Office
There has been a bugfix release to Crossover Office, released by Codeweavers. Crossover Office is an offshoot of the Wine project, which is a windows compatibility suite for Linux, to allow Windows applications to run under modern Linux operating systems. It was found recently that wine suffered from the WMF vulnerability just the same as Windows. The new release is 5.0.1, notes on what has changed can be found here.
-
January Patch Tuesday
Microsoft has issued two advisories related to patches coming out today. Both are remote code execution vulnerabilities, the first affects Outlook and Exchange server, the second is related to embedded Web fonts. The links above don’t yet seem active, but should go to the technet Security bulletins once Microsoft finishes publishing those.