Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Windows Graphics Rendering Engie - WMF Exploit

Notifications for Security Updates, as well as News and Information from across the web - mostly security minded.

Update Contributors: Members of the Malware Removal University.

Unread postby Chachazz » December 30th, 2005, 11:46 pm

Title: Microsoft Security Advisory Notification
Issued: December 30, 2005
********************************************************************

Security Advisories Updated or Released Today


* Security Advisory (912840)
- Title: Vulnerability in Graphics Rendering Engine Could
Allow Remote Code Execution.

- Web site: http://go.microsoft.com/fwlink/?LinkId=58452

- Reason For Update: Advisory updated. FAQ section updated.
User avatar
Chachazz
Regular Member
 
Posts: 642
Joined: July 3rd, 2005, 5:33 pm
Location: Canada
Advertisement
Register to Remove

Unread postby suebaby41 » December 31st, 2005, 4:59 pm

I tried again today and the link at BleepingComputer is working now. I don't know why it did not work before. Thank you, Chachazz. Thank you to all of you. :roll:
User avatar
suebaby41
MRU Master
MRU Master
 
Posts: 2053
Joined: February 8th, 2005, 7:38 pm

If your're using Kerio Personal Firewall...

Unread postby NonSuch » December 31st, 2005, 6:16 pm

For those who use the Kerio Firewall (now Sunbelt Kerio) there's an interesting topic at CastleCops regarding using Kerio to help block the WMF exploit...

"Use Sunbelt Kerio to protect against the WMF exploits"

http://castlecops.com/postx142743-0-15.html
User avatar
NonSuch
Administrator
Administrator
 
Posts: 27300
Joined: February 23rd, 2005, 7:08 am
Location: California

Unread postby dobhar » January 1st, 2006, 6:46 pm

That was a very good read...Thanks NonSuch...

Looks like this is what to do until MS Official Patch comes out...

http://castlecops.com/a6436-Newest_WMF_ ... e_Day.html
User avatar
dobhar
MRU Honors Grad Emeritus
 
Posts: 961
Joined: March 3rd, 2005, 3:00 am
Location: Winnipeg

Unread postby NonSuch » January 1st, 2006, 7:12 pm

You're right... a temporary patch is now available for Win 2K, XP, and Win Server 2003. Additional information is available here...

http://www.grc.com/sn/notes-020.htm

http://sunbeltblog.blogspot.com/

http://www.hexblog.com/2005/12/wmf_vuln.html

Note that the temporary patch should be removed prior to installing any Microsoft patch for this particular vulnerability that may become available in the future.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 27300
Joined: February 23rd, 2005, 7:08 am
Location: California

Unread postby Die Hard » January 2nd, 2006, 3:04 pm

There is a 3:d party temporary patch for the WMF exploit :
http://www.hexblog.com/2005/12/wmf_vuln.html
I recommend you to uninstall this fix and use the official patch from Microsoft as soon as it is available.


It adds this line to HJT and it´s not recognized by Google yet, but it´s this patch and thus legimit.
O20 - AppInit_DLLs: C:\WINNT\system32\wmfhotfix.dll

Die Hard :)
User avatar
Die Hard
MRU Emeritus
MRU Emeritus
 
Posts: 10
Joined: August 31st, 2005, 6:22 pm
Location: Sweden

Unread postby AndyAtHull » January 3rd, 2006, 9:21 pm

It seems M$ will bring a patch out on the 10th of this month according to here:

http://www.microsoft.com/technet/securi ... 12840.mspx
User avatar
AndyAtHull
Visiting Staff
 
Posts: 1636
Joined: October 6th, 2005, 2:03 pm
Location: UK

Unread postby NonSuch » January 4th, 2006, 1:39 am

I interpret this to mean, "We want to do it, we hope to do it," not "We will do it."

Microsoft’s goal is to release the update on Tuesday, January 10, 2006, as part of its monthly release of security bulletins. This release is predicated on successful completion of quality testing.


Let's hope they achieve their goal. ;)
User avatar
NonSuch
Administrator
Administrator
 
Posts: 27300
Joined: February 23rd, 2005, 7:08 am
Location: California

Unread postby AndyAtHull » January 4th, 2006, 7:32 am

And when they do DO it. No douBt they will need another one to fix the left overs again. Don't you just love M$ :D
User avatar
AndyAtHull
Visiting Staff
 
Posts: 1636
Joined: October 6th, 2005, 2:03 pm
Location: UK

Unread postby AndyAtHull » January 4th, 2006, 2:52 pm

M$ Official patch has been leaked. And apparantly it works great. I havent tested it myself. Maybe I should :D

http://www.grc.com/sn/notes-020.htm
User avatar
AndyAtHull
Visiting Staff
 
Posts: 1636
Joined: October 6th, 2005, 2:03 pm
Location: UK

Unread postby NonSuch » January 4th, 2006, 7:32 pm

AndyAtHull wrote:M$ Official patch has been leaked. And apparantly it works great. I havent tested it myself. Maybe I should :D

http://www.grc.com/sn/notes-020.htm


You can test it if you want. ;) I'll wait until it's officially released. Always keep in mind that beta is Latin for doesn't work yet. :lol:
User avatar
NonSuch
Administrator
Administrator
 
Posts: 27300
Joined: February 23rd, 2005, 7:08 am
Location: California

Unread postby AndyAtHull » January 4th, 2006, 8:22 pm

I am still in the process of setting my VPC up. By the time I get round to setting it up ok the patch will be released. :?
User avatar
AndyAtHull
Visiting Staff
 
Posts: 1636
Joined: October 6th, 2005, 2:03 pm
Location: UK

Unread postby ChrisRLG » January 5th, 2006, 5:02 pm

----- Original Message -----
From: Melissa Travers
To: Melissa Travers
Sent: Thursday, January 05, 2006 8:27 PM
Subject: Microsoft Security Bulletin(s) for January 5, 2006

Sorry if this is duplicate email for anyone….but an important announcement, there may be a latency issue on some servers so if the links do not work, keep trying

January 5, 2006,

Today Microsoft released the following Security Bulletin(s).

Note: http://www.microsoft.com/technet/security and http://www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

Bulletin Summary:

http://www.microsoft.com/technet/securi ... 6-Jan.mspx

Critical Bulletins:

Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution (912919)
http://www.microsoft.com/technet/securi ... 6-001.mspx

This special bulletin is outside of our scheduled monthly bulletin release (second Tuesday of each month). Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety (1-866-727-2338). International customers should contact their local subsidiary.

Melissa Travers, MCSE
MVP Lead -Exchange Server, Security & Virtual Machine

==================

The patch is now available from Windows Update
ChrisRLG
Administrator Emeritus
 
Posts: 17759
Joined: December 16th, 2004, 10:04 am
Location: Southend, Essex, UK
Advertisement
Register to Remove

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to News Desk



Who is online

Users browsing this forum: No registered users and 3 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware