View Single Post
  #1  
Old January 6th 06, 07:50 PM posted to rec.aviation.piloting
external usenet poster
 
Posts: n/a
Default Latest Windows vulnerability UPDATE

from
http://grc.com/sn/notes-020.htm

Official WMF Vulnerability update
from Microsoft Available NOW!
http://update.microsoft.com/


Ilfak Guilfanov on "Security Now" #21 !

Ilfak Guilfanov, developer of "The Patch" for temporarily protecting
Windows users from exploitation of the WMF vulnerability (while we were
waiting for Microsoft's official security update) joined Leo and me to
discuss this first serious Windows vulnerability of the New Year.

If you wish to be automatically notified whenever we post a new Security
Now! audio program, you may use the button below to register an eMail
address with the trustworthy "Change Detection" service. You will be
able to easily remove yourself at any time:

(it's private by ChangeDetection)

Microsoft is not fixing Windows 98/ME
*.*.*. so GRC will.

Microsoft has now "reclassified" the WMF vulnerability in Windows 95,
98, and ME as non-critical (instead of just fixing it!). This means that
it will probably NOT be updated and patched to eliminate the WMF
handling vulnerability that those older versions of Windows apparently
still have. (This vulnerability still needs to be confirmed.)

So, if Microsoft does not produce an update to repair those older
versions of Windows, GRC will make one available.
Microsoft's official security update does
the same thing as Ilfak's patch

Users of Ilfak's temporary patch ‹ which is no longer needed in the wake
of Microsoft's early released official update ‹ may rest easily. Ilfak
reports that he checked-out Microsoft's new replacement GDI32.DLL*.*.*.
and it permanently does the same thing as his temporary patch: It simply
revokes support for the age-old WMF "SETABORT" command from metafile
processing.