WMF patch available now

[Wesley Vogel]

Microsoft Security Bulletin MS06-001
Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution
(912919)
http://www.microsoft.com/technet/security/bulletin/ms06-001.mspx

 

[WTC]

Thanks Wesley for the heads up.

 

[Wesley Vogel]

Your Welcome, William.

I downloaded and installed it. Now I am a little safer until the next
exploit.

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In

 

[Saucy Lemon]

Your Welcome, William.

I downloaded and installed it. Now I am a little safer until the next
exploit.


In

This .WMF exploit would fail against a modern CPU with the no-execute bit if
Windows XP2's DEP is enabled. If you are of the sort to be concerned, and
you like to upgrade, here is a real excuse to do so. All the newer AMD and
Intel CPUs have the no-execute bit. This combined with DEP makes buffer
overrrun exploits a thing of the past for the most part. The current .WMF
exploit doesn't work against such a combination.

 

[John Waller]

I downloaded and installed it. Now I am a little safer until the next

exploit.

From the exploit itself?

or from passionately discussed threads in this forum on Microsoft's delay in
releasing the patch?

 

[jopa66]

I see your smiley there, but can we not give credit where credit is due?
When Microsoft made the corporate decision to release updates on a monthly
schedule, it was not only for their benefit but the entire IT infrastructure
as well. They also stated to the sort that if a situation warranted an
update outside of the normal schedule, they would release it ASAP,
regardless of the schedule. This patch has been released 5 days ahead of
January's scheduled updates. I am not a programmer but, I imagine that it
takes time to code and thoroughly test these patches. They did provide a
temporary workaround very soon after they became aware of the exploit. I can
remember the days when patches were released too soon, resulting in the
necessity to re-patch the patches. Certainly not good for their corporate
image! I'm not proposing that Microsoft (or any company or person for that
matter) is beyond reproach but, I do see this situation as responsible
action and fulfillment of a promise.

 

[Mike Hall \(MS-MVP\)]

John

Accept the patch in good faith..

 

[Rock]

From the exploit itself?

or from passionately discussed threads in this forum on Microsoft's delay in
releasing the patch?

What deley. They were quite timely IMO.

 

[Wesley Vogel]

What's SP2?

Seriously, I do have a new case, power supply and DVD burner anxiously
awaiting all the other components. Decisions, decisions.

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In

 

[Rick]

Thanks Wesley for the heads up.

Just be sure you delete it before inatalling Microsoft's patch.

Rick

 

[WTC]

Just be sure you delete it before inatalling Microsoft's patch.

Please elaborate....delete what? Or are you just assuming things about my
computer's health?

 

[John Waller]

What deley.

I should have said alleged delay, which some were vehemently claiming.

They were quite timely IMO.

I agree.

 

[John Waller]

Accept the patch in good faith..

Done and installed.

I think Microsoft responded well.

 

[Shane]

I can remember the days when patches were released too soon, resulting in

the necessity to re-patch the patches.

Well you don't have to remember far, then. Certainly patches have been
released and then revised, since scheduled monthly releases became the norm,
because the original caused problems. If such has now been rectified it's
still too soon to be cited as evidence of the schedule's efficacy. It's a
shame the posters ignored that fact when eagerly agreeing with your
timeliness point (which I don't disagree with, I'm just not biased enough to
tacitly agree with your entire argument).


Shane

--


The Sugitive

Chapter One: http://tinyurl.com/bcevp

Chapter Two: http://tinyurl.com/ag92o

Chapter Three: Coming to an URL near you soon!

------------------------------------

 

[jopa66]

Yes. Well I didn't mean it to sound like everything is perfect in today's
world. It's just that before the schedule, it seemed that sometimes we were
barraged with countless random patches and re-patches. I'm just glad that
today they seem to be more careful with what they do release, even if that
means we must wait a little longer for the updates. I'm hoping at least that
this is a trend that will carry forward.

 

[cquirke (MVP Windows shell/user)]

On Fri, 6 Jan 2006 15:05:14 +1030, "John Waller"

I should have said alleged delay, which some were vehemently claiming.

They did the best they could, but the fact is, this defect was found
and exploited In The Wild before a patch was available.

This should serve as a heads-up that one cannot rely on patching
defects later, as a foolproof way to avoid malware that exploits them.

The target remains defect-free design and code, and I still don't see
as serious committment to that as some might like.

---------- ----- ---- --- -- - - - -

Don't pay malware vendors - boycott Sony