VMF Threat Questions

[Guest]

I have read with interest in CastleCops the VMF threat and downloaded and
installed the temporary patch, but I still seem to be a bit confused about
this.

Microsoft suggests unregistering the Windows Picture and Fax Viewer as a
possible solution, but that it really inconvenient if you use it regularly.
They (Microsoft) also suggest keeping security updates current, enabling
firewall, using anti-virus software, and use MSAS, all which I do.

I guess my question is - does this mean even though I have installed the 3rd
Party temporaty patch, that I should quit using Windows Picture and Fax
Viewer? I wish Microsoft would at least put out some help on this until
they get a permanent fix. Anyone have any suggestions?

 

[Guest]

Sorry folks - this should be Subject: WMF Threat Question - I can't type -
or can't read, - probably both at times.

 

[plun]

Hi

What MS have done: One Care......?

http://www.microsoft.com/technet/security/advisory/912840.mspx

http://blogs.technet.com/msrc/


Sans.org:

Unregister AND patch also check patch.

http://isc.sans.org/diary.php?storyid=994


regards
plun

 

[Bill Sanderson]

Microsoft is unlikely to comment on the unofficial patch. As I recall, the
author of that patch and other experts from Sans.org who've audited his
work--assert that with the patch in place, all usual functionality remains,
and is safe.

I trust their judgement. You've gone beyond Microsoft's recommendations to
the point of using the unofficial patch. I think that's enough--I wouldn't
remove further functionality.

 

[Bill Sanderson]

Thanks, plun--I stand corrected: ISC recommends both unregistering the DLL
and using the unofficial patch. If you want to take steps beyond those
Microsoft is recommending in their advisory, I'd go with ISC's advice.

--

 

[Guest]

Thanks, Bill

Microsoft is unlikely to comment on the unofficial patch. As I recall, the
author of that patch and other experts from Sans.org who've audited his
work--assert that with the patch in place, all usual functionality remains,
and is safe.

I trust their judgement. You've gone beyond Microsoft's recommendations to
the point of using the unofficial patch. I think that's enough--I wouldn't
remove further functionality.

 

[Guest]

Microsoft is unlikely to comment on the unofficial patch. As I recall, the
author of that patch and other experts from Sans.org who've audited his
work--assert that with the patch in place, all usual functionality remains,
and is safe.

I trust their judgement. You've gone beyond Microsoft's recommendations to
the point of using the unofficial patch. I think that's enough--I wouldn't
remove further functionality.

 

[Bill Sanderson]

I'm hoping you saw my reply to plun.

ISC recommends BOTH applying the unofficial patch AND deregistering the .DLL
file.

I'd follow their recommendation. Pick your expert and trust their advice
has been my way of doing things--and in this case we're going with ISC &
Sans--so I wouldn't pick and choose amongst their recommendations.

--