john smith
January 3rd 06, 02:20 AM
From http://www.grc.com/sn/notes-020.htm
* A special (short) edition of "Security Now!" - On Sunday, January 1st,
I phoned into Leo Laporte's KFI "Tech Guy" radio program to inform him
and his radio audience of the availability of Ilfak's new patch and real
solution. Leo produced a special edition of our weekly "Security Now!"
audio podcast. Since this was by telephone the audio quality is not
great, but the high-quality and lower-quality MP3 audio files are
available here:
* Ilfak has produced a WMF Vulnerability Checker - Many users want to
verify that their "exploit suppressed" systems are now safe to use. And
others want to see whether their anti-virus A-V systems are now
detecting some WMF exploit code. So Ilfak has produced a simple WMF
Vulnerability tester:
  * Download Ilfak's WMF Vulnerability Checker (3.6 kb)
http://www.hexblog.com/security/files/wmf_checker_hexblog.exe
You can read more about his checker, and users' experiences, on his
Vulnerability Checker blog page.
http://www.hexblog.com/2006/01/wmf_vulnerability_checker.html
* An important Note about A-V signatures: As useful as anti-virus
protection is as a first line of defense, new WMF exploits are
succeeding at bypassing them. So A-V cannot be relied upon. The only
safe measure is to install Ilfak's vulnerability suppression solution
until Microsoft has updated the GDI32.DLL file and permanently resolved
this problem.
* Windows 98/SE/ME users: Microsoft's original advice to "unregister the
shimgvw.dll" (shell image viewer) was never correct or useful on those
platforms. The good news is that all current WMF exploits appear to be
non-functional on the older Win9x vintage platforms... so you will
likely be okay until Microsoft has updated your system with the next
security patches. There is no short-term workaround for Windows 9x users.
* Other new links: See the bottom of the RED box below for many "original
discovery" links.
  * SANS "Handler's Diary" update for January 1st, 2006
http://isc.sans.org/diary.php?rss&storyid=996
  * F-Secure's ongoing coverage and updates
http://www.f-secure.com/weblog/archives/archive-012006.html
* Get generic WMF Vulnerability news - from GoogleNews: