Windows Graphics Rendering Engine - WMF Exploit

Post by Chachazz » December 30th, 2005, 11:46 pm

Title: Microsoft Security Advisory Notification
Issued: December 30, 2005
********************************************************************

Security Advisories Updated or Released Today


* Security Advisory (912840)
- Title: Vulnerability in Graphics Rendering Engine Could
Allow Remote Code Execution.

- Web site: http://go.microsoft.com/fwlink/?LinkId=58452

- Reason For Update: Advisory updated. FAQ section updated.

Post by suebaby41 » December 31st, 2005, 4:59 pm

I tried again today and the link at BleepingComputer is working now. I don't know why it did not work before. Thank you, Chachazz. Thank you to all of you. :roll:

If you're using Kerio Personal Firewall...

Post by NonSuch » December 31st, 2005, 6:16 pm

For those who use the Kerio Firewall (now Sunbelt Kerio) there's an interesting topic at CastleCops regarding using Kerio to help block the WMF exploit...

"Use Sunbelt Kerio to protect against the WMF exploits"

http://castlecops.com/postx142743-0-15.html

Post by dobhar » January 1st, 2006, 6:46 pm

That was a very good read...Thanks NonSuch...

Looks like this is what to do until MS Official Patch comes out...

http://castlecops.com/a6436-Newest_WMF_ ... e_Day.html

Post by NonSuch » January 1st, 2006, 7:12 pm

You're right... a temporary patch is now available for Win 2K, XP, and Win Server 2003. Additional information is available here...

http://www.grc.com/sn/notes-020.htm

http://sunbeltblog.blogspot.com/

http://www.hexblog.com/2005/12/wmf_vuln.html

Note that the temporary patch should be removed prior to installing any Microsoft patch for this particular vulnerability that may become available in the future.

Post by Die Hard » January 2nd, 2006, 3:04 pm

There is a 3rd-party temporary patch for the WMF exploit:
http://www.hexblog.com/2005/12/wmf_vuln.html
I recommend that you uninstall this fix and use the official patch from Microsoft as soon as it is available.


It adds this line to HJT and it's not recognized by Google yet, but it's this patch and thus legitimate.
O20 - AppInit_DLLs: C:\WINNT\system32\wmfhotfix.dll

Die Hard :)

Post by AndyAtHull » January 3rd, 2006, 9:21 pm

It seems M$ will bring a patch out on the 10th of this month according to here:

http://www.microsoft.com/technet/securi ... 12840.mspx

Post by NonSuch » January 4th, 2006, 1:39 am

I interpret this to mean, "We want to do it, we hope to do it," not "We will do it."

Microsoft’s goal is to release the update on Tuesday, January 10, 2006, as part of its monthly release of security bulletins. This release is predicated on successful completion of quality testing.


Let's hope they achieve their goal. ;)

Post by AndyAtHull » January 4th, 2006, 7:32 am

And when they do DO it. No doubt they will need another one to fix the leftovers again. Don't you just love M$ :D

Post by AndyAtHull » January 4th, 2006, 2:52 pm

M$ Official patch has been leaked. And apparently it works great. I haven't tested it myself. Maybe I should :D

http://www.grc.com/sn/notes-020.htm

Post by NonSuch » January 4th, 2006, 7:32 pm

AndyAtHull wrote: M$ Official patch has been leaked. And apparently it works great. I haven't tested it myself. Maybe I should :D

http://www.grc.com/sn/notes-020.htm


You can test it if you want. ;) I'll wait until it's officially released. Always keep in mind that beta is Latin for doesn't work yet. :lol:

Post by AndyAtHull » January 4th, 2006, 8:22 pm

I am still in the process of setting my VPC up. By the time I get round to setting it up ok the patch will be released. :?

Post by ChrisRLG » January 5th, 2006, 5:02 pm

----- Original Message -----
From: Melissa Travers
To: Melissa Travers
Sent: Thursday, January 05, 2006 8:27 PM
Subject: Microsoft Security Bulletin(s) for January 5, 2006

Sorry if this is duplicate email for anyone….but an important announcement, there may be a latency issue on some servers so if the links do not work, keep trying

January 5, 2006,

Today Microsoft released the following Security Bulletin(s).

Note: http://www.microsoft.com/technet/security and http://www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details.

Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided.

Bulletin Summary:

http://www.microsoft.com/technet/securi ... 6-Jan.mspx

Critical Bulletins:

Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution (912919)
http://www.microsoft.com/technet/securi ... 6-001.mspx

This special bulletin is outside of our scheduled monthly bulletin release (second Tuesday of each month). Please note that Microsoft may release bulletins outside of this schedule if we determine the need to do so.

If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety (1-866-727-2338). International customers should contact their local subsidiary.

Melissa Travers, MCSE
MVP Lead -Exchange Server, Security & Virtual Machine

==================

The patch is now available from Windows Update