[OPLINTECH] WMF Exploit Hotfix

Brad Stephens stephebr at nolanet.org
Tue Jan 3 11:22:47 EST 2006 

Interesting discussions this morning on the list, I would guess that
many sites are wrestling with the issues of installing an "unofficial"
patch this morning.  If you're interested the patch and the whole WMF
exploit issue, they have been discussed extensively on the SANS Internet
Storm Center, see:http://isc.sans.org for more.
 
- Brad
	-----Original Message-----
	From: oplintech-bounces at oplin.org
[mailto:oplintech-bounces at oplin.org] On Behalf Of JKENZIG
	Sent: Tuesday, January 03, 2006 11:15 AM
	To: Bruce Landis; OPLINTECH at OPLIN.ORG
	Subject: Re: [OPLINTECH] WMF Exploit Hotfix
	
	
	The patch is from Steve Gibson who is one of the foremost and
highly regarded security researchers out there.
	Jim Kenzig
	 

  _____  

	From: oplintech-bounces at oplin.org
[mailto:oplintech-bounces at oplin.org] On Behalf Of Bruce Landis
	Sent: Tuesday, January 03, 2006 10:43 AM
	To: OPLINTECH at OPLIN.ORG
	Subject: Re: [OPLINTECH] WMF Exploit Hotfix
	
	
	
	I trust the Oplintech listserv but a basic question remains for
any volunteered patch... how do we validate it?  Certainly a PCWorld
columnist would appear to be a reliable source, and the hyperlinks trace
out ok, but...
	 
	I try to teach our staff not to download and install protective
products simply because they pop-up and present themselves to the end
user. Do others on the list have additional validation of this patch?
Or...if anyone on the list who has an isolated lab machine were to do
the patch, watch for rogue processes and report back it would ease my
mind - somewhat.  
	 
	Paranoid as always, 
	 
	Bruce Landis
	Technology Specialist
	Chillicothe and Ross County Public Library
	(740) 702-4115  fx (740) 702-4118
	landisbr at oplin.org
	 
	-----Original Message-----
	From: oplintech-bounces at oplin.org
[mailto:oplintech-bounces at oplin.org]On Behalf Of Ron Dalpiaz
	Sent: Tuesday, January 03, 2006 9:59 AM
	To: OPLINTECH at OPLIN.ORG
	Subject: [OPLINTECH] WMF Exploit Hotfix
	 
	There's a very effective temporary hotfix for the WMF Exploit.
	 
	It comes from Steve Gibson's site. He is known as a security
guru in the industry.
	 
	You can read about this at:
	 
	http://blogs.pcworld.com/tipsandtweaks/archives/001162.html
	 
	Gibson's explanation/download page regarding the fix is at:
	 
	http://www.grc.com/sn/notes-020.htm
<http://www.grc.com/sn/notes-020.htm> 
	 
	 
	Ron Dalpiaz
	Technology Coordinator
	Dover Public Library
	 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.oplin.org/mailman/private/oplintech/attachments/20060103/3bdc98c1/attachment-0001.html

More information about the OPLINTECH mailing list