Page 2 of 2 <12
Topic Options
#154318 - 2006-01-03 08:30 PM Re: WMF vulnerability - debating on whether to roll out work around with ki
NTDOC Administrator Offline
Administrator
*****

Registered: 2000-07-28
Posts: 11624
Loc: CA
Yeah, they should release Next Tuesday with their other patches per normal monthly schedule.

Hopefully it's better than the "3rd party patch" I tried. It disabled too much automated graphics stuff. I'll uninstall that one and install the Microsoft one next week and cross my fingers that it is more compatible with how the OS currently works.
 

Top
#154319 - 2006-01-03 08:40 PM Re: WMF vulnerability - debating on whether to roll out work around with ki
Mart Moderator Offline
KiX Supporter
*****

Registered: 2002-03-27
Posts: 4673
Loc: The Netherlands
I did not even install the 3rd party patch. MS build the OS so I’ll rely on them to build a proper fix after considering and knowing all side effects it might have even if it takes a week before it’s released. Our virus scanner is currently picking it up and we hammered into our users heads not to open any mail that might be suspicious and call IT first. For now this works ok as a temporary action.

I looked at the MS advisory and will see what the MS workaround does on a test system when I’m back at work tomorrow.

Quote:


....
Click Start, click Run, type "regsvr32 -u %windir%\system32\shimgvw.dll" (without the quotation marks), and then click OK
....



_________________________
Mart

- Chuck Norris once sold ebay to ebay on ebay.

Top
#154320 - 2006-01-03 09:09 PM Re: WMF vulnerability - debating on whether to roll out work around with ki
Lonkero Administrator Offline
KiX Master Guru
*****

Registered: 2001-06-05
Posts: 22346
Loc: OK
well, I didn't install the third party one either and my gifs stopped animating.
so doc, I bet it was some other MS fix that did this.
_________________________
!

download KiXnet

Top
#154321 - 2006-01-03 09:14 PM Re: WMF vulnerability - debating on whether to roll out work around with ki
Allen Administrator Online   shocked
KiX Supporter
*****

Registered: 2003-04-19
Posts: 4549
Loc: USA
I've installed the unofficial patch and have not noticed anything working differently.
Top
#154322 - 2006-01-03 09:38 PM Re: WMF vulnerability - debating on whether to roll out work around with ki
NTDOC Administrator Offline
Administrator
*****

Registered: 2000-07-28
Posts: 11624
Loc: CA
Well thumbnails in folders should no longer work if you installed either one of the "fixes".
Top
#154323 - 2006-01-04 12:22 AM Re: WMF vulnerability - debating on whether to roll out work around with ki
Lonkero Administrator Offline
KiX Master Guru
*****

Registered: 2001-06-05
Posts: 22346
Loc: OK
hmm...
Quote:

...in a practical sense, only Windows XP and Windows Server 2003 (in all their service pack levels) are vulnerable to the WMF flaw.
...all versions of Windows back to 3.0 have the vulnerability in GDI32. Except for Windows XP and Windows Server 2003, no Windows versions, in their default configuration, have a default association for WMF files, and none of their Paint programs or any other standard programs installed with them can read WMF files...


from http://www.f-secure.com/weblog/

it sure seems that I don't need to worry at all, after all, I don't have a single XP system at home
_________________________
!

download KiXnet

Top
#154324 - 2006-01-04 01:04 AM Re: WMF vulnerability - debating on whether to roll out work around with ki
NTDOC Administrator Offline
Administrator
*****

Registered: 2000-07-28
Posts: 11624
Loc: CA
The association is not the point of intrusion. A system that was indexed by Google Desktop was enough to activate/trigger the problem according to one site.

Microsoft says though that there are few successful attacks on systems from the data they have.

Top
#154325 - 2006-01-04 02:06 AM Re: WMF vulnerability - debating on whether to roll out work around with ki
masken Offline
MM club member
*****

Registered: 2000-11-27
Posts: 1222
Loc: Gothenburg, Sweden
I think there's really no option nut unregistering the DLL until there's a working patch available:
Code:
regsvr32 /u /s %windir%\system32\shimgvw.dll


...if your users aren't local admins, put it in a GPO startup-script, or use cpau, runas etc.
_________________________
The tart is out there

Top
#154326 - 2006-01-04 06:40 AM Re: WMF vulnerability - debating on whether to roll out work around with ki
Lonkero Administrator Offline
KiX Master Guru
*****

Registered: 2001-06-05
Posts: 22346
Loc: OK
Quote:


Mikko Hypponen, director of antivirus research at F-Secure, said he believes corporations can trust the unofficial patch, which was created by security software developer Ilfak Guilfanov.

"This is a very unusual situation--we've never done this before. We trust Ilfak, and we know his patch works," Hypponen said. "We've confirmed the binary does what the source code said it does. We've installed the patch on 500 F-Secure computers, and have recommended all of our customers do the same. The businesses who have installed the patch have said it's highly successful."




http://news.zdnet.com/2100-1009_22-6016649.html
_________________________
!

download KiXnet

Top
#154327 - 2006-01-05 04:47 AM Re: WMF vulnerability - debating on whether to roll out work around with ki
Lonkero Administrator Offline
KiX Master Guru
*****

Registered: 2001-06-05
Posts: 22346
Loc: OK
Quote:


Hexblog.com overloaded
Turns out half the planet tried to download WMFFIX_HEXBLOG.EXE from Ilfak Guilfanov's personal website (hexblog.com). The resulting traffic amounts were so huge that his hosting provider actually shut his site down.
 
Update at 09:55 GMT: The site www.hexblog.com is now back up and running in reduced state. It's still under extremely heavy traffic.
 
Ilfak has set up a temporary site at http://216.227.222.95, offering links to various download locations.
 
He mentions on his page:
 
Due to incredibly high load, the page has been reduced to the bare minimum.
Thanks for understanding.
Safe computing!

 
- Mikko Hyppönen



_________________________
!

download KiXnet

Top
#154328 - 2006-01-05 10:43 AM Re: WMF vulnerability - debating on whether to roll out work around with ki
masken Offline
MM club member
*****

Registered: 2000-11-27
Posts: 1222
Loc: Gothenburg, Sweden
would be interesting to know exactly what that MSI package does...
_________________________
The tart is out there

Top
#154329 - 2006-01-05 06:27 PM Re: WMF vulnerability - debating on whether to roll out work around with ki
Lonkero Administrator Offline
KiX Master Guru
*****

Registered: 2001-06-05
Posts: 22346
Loc: OK
well, why don't you check it out?
_________________________
!

download KiXnet

Top
#154330 - 2006-01-05 07:25 PM Re: WMF vulnerability - debating on whether to roll out work around with ki
Allen Administrator Online   shocked
KiX Supporter
*****

Registered: 2003-04-19
Posts: 4549
Loc: USA
The last version I saw (V1.4) added support for silent scripting, which I think was the only reason for the MSI version.
Top
#154331 - 2006-01-05 10:46 PM Re: WMF vulnerability - debating on whether to roll out work around with ki
ostech Offline
Lurker

Registered: 2005-07-05
Posts: 4
http://www.microsoft.com/technet/security/Bulletin/MS06-001.mspx

MS came out with the patch early.

Top
#154332 - 2006-01-05 11:30 PM Re: WMF vulnerability - debating on whether to roll out work around with ki
Lonkero Administrator Offline
KiX Master Guru
*****

Registered: 2001-06-05
Posts: 22346
Loc: OK
yep.
hence the follow up thread:
http://www.kixtart.org/ubbthreads/showflat.php?Number=154210
_________________________
!

download KiXnet

Top
#154333 - 2006-01-10 09:46 AM Re: WMF vulnerability - debating on whether to roll out work around with ki
Co Offline
MM club member
***

Registered: 2000-11-20
Posts: 1341
Loc: NL
2 new Vulnerabilities:

http://msgs.securepoint.com/cgi-bin/get/bugtraq0601/89.html
_________________________
Co


Top
#154334 - 2006-01-10 09:57 AM Re: WMF vulnerability - debating on whether to roll out work around with ki
Lonkero Administrator Offline
KiX Master Guru
*****

Registered: 2001-06-05
Posts: 22346
Loc: OK
nice...
_________________________
!

download KiXnet

Top
Page 2 of 2 <12


Moderator:  Arend_, Allen, Jochen, Radimus, Glenn Barnas, ShaneEP, Ruud van Velsen, Mart 
Hop to:
Shout Box

Who's Online
0 registered and 628 anonymous users online.
Newest Members
Raoul, Timothy, Jojo67, MaikSimon, kvn317
17875 Registered Users

Generated in 0.157 seconds in which 0.111 seconds were spent on a total of 13 queries. Zlib compression enabled.

Search the board with:
superb Board Search
or try with google:
Google
Web kixtart.org