WMF - IMPORTANT Warning for all Windows users!

sra wrote:

Just in case you haven't heard, there has been a lot of talk on techie sites about a very bad vunerability in windows.- Threre are already MANY exploits and all browsers are vunerable

There is a patch here (unlinked sjb). The red box is microsoft's temporary soloution but instead you could use the unofficial patch in the Green box - Just remember to uninstal this temp patch when MS has an official patch (as it says in the green box)

Apologies if this has been mentioned before - With New Year haven't been able to keep as up to date as usual.

IMHO you are a very brave man to offer such advice to the whole of the MSE readership. Those know-nothings at Microsoft offer http://www.microsoft.com/technet/security/advisory/912840.mspx

What’s Microsoft’s response to the availability of third party patches for the WMF vulnerability?
Microsoft recommends that customers download and deploy the security update for the WMF vulnerability that we are targeting for release on January 10, 2006.

As a general rule, it is a best practice to utilize security updates for software vulnerabilities from the original vendor of the software. With Microsoft software, Microsoft carefully reviews and tests security updates to ensure that they are of high quality and have been evaluated thoroughly for application compatibility. In addition, Microsoft’s security updates are offered in 23 languages for all affected versions of the software simultaneously.

Microsoft cannot provide similar assurance for independent third party security updates.

I have no opinion or advice on the matter (but have installed the unoficial patch and unregistered the dll, and am keeping a weather eye on other forums).

SJB

do you know if there are any mirrors for that Russian guy's patch? - I should have done it when you first posted it

I came accross an article over this exploit. AV-test.org ran all 73 known variants of this exploit against a range of antivirus programs to see which were being kept up to date against this exploit. I was most amazed at the result of Kaspersky.

Here's the list.............

AV-Test which tests anti-malware products, has been tracking the situation closely and has, so far, analyzed 73 variants of malicious WMF files. Products from the following companies have identified all 73:

* Alwil Software (Avast)
* Softwin (BitDefender)
* ClamAV
* F-Secure Inc.
* Fortinet Inc.
* McAfee Inc.
* ESET (Nod32)
* Panda Software
* Sophos Plc
* Symantec Corp.
* Trend Micro Inc.
* VirusBuster

These products detected fewer variants:

* 62 — eTrust-VET
* 62 — QuickHeal
* 61 — AntiVir
* 61 — Dr Web
* 61 — Kaspersky
* 60 — AVG
* 19 — Command
* 19 — F-Prot
* 11 — Ewido
* 7 — eSafe
* 7 — eTrust-INO
* 6 — Ikarus
* 6 — VBA32
* 0 — Norman

Toxteth_OGrady wrote:

That puts an interesting spin on the perennial Avast vs AVG, better of the free argument.

:cool:

TOG

lol......I saw that too, but I didn't want to upset anyone by pointing this out.