[OPLINTECH] WMF Exploit Hotfix

JKENZIG JKENZIG at cuyahoga.lib.oh.us
Tue Jan 3 11:30:02 EST 2006


Note you should still stick to applying only to Windows XP or 2003 per
Larry Seltzer's latest blog entry....
http://blog.ziffdavis.com/seltzer

It is true, as F-Secure says, that all versions of Windows back to 3.0
have the vulnerability in GDI32. But most versions of Windows are not
quite as vulnerable as they appear. Except for Windows XP and Windows
Server 2003, no Windows versions, in their default configuration, have a
default association for WMF files, and none of their Paint programs or
any other standard programs installed with them can read WMF files. One
ironic point to conclude is that not until their most recent operating
system versions did Microsoft include a default handler - the Windows
Picture and Fax Viewer - for what has been, for years, an obsolete file
format. And now it comes back to bite them.
Therefore only consider applying the Guilfanov patch on Windows XP and
Windows Server 2003. On other platforms, unless you have installed your
own vulnerable default handler for WMF files, the likelihood of
compromise even when a system is bombarded with malicious WMFs is low.
 

________________________________

From: oplintech-bounces at oplin.org [mailto:oplintech-bounces at oplin.org]
On Behalf Of Bruce Landis
Sent: Tuesday, January 03, 2006 10:43 AM
To: OPLINTECH at OPLIN.ORG
Subject: Re: [OPLINTECH] WMF Exploit Hotfix


I trust the Oplintech listserv but a basic question remains for any
volunteered patch... how do we validate it?  Certainly a PCWorld
columnist would appear to be a reliable source, and the hyperlinks trace
out ok, but...
 
I try to teach our staff not to download and install protective products
simply because they pop up and present themselves to the end user. Do
others on the list have additional validation of this patch? Or...if
anyone on the list who has an isolated lab machine were to do the patch,
watch for rogue processes and report back, it would ease my mind -
somewhat.
 
Paranoid as always, 
 
Bruce Landis
Technology Specialist
Chillicothe and Ross County Public Library
(740) 702-4115  fx (740) 702-4118
landisbr at oplin.org
 
-----Original Message-----
From: oplintech-bounces at oplin.org [mailto:oplintech-bounces at oplin.org] On
Behalf Of Ron Dalpiaz
Sent: Tuesday, January 03, 2006 9:59 AM
To: OPLINTECH at OPLIN.ORG
Subject: [OPLINTECH] WMF Exploit Hotfix
 
There's a very effective temporary hotfix for the WMF Exploit.
 
It comes from Steve Gibson's site. He is known as a security guru in the
industry.
 
You can read about this at:
 
http://blogs.pcworld.com/tipsandtweaks/archives/001162.html
 
Gibson's explanation/download page regarding the fix is at:
 
http://www.grc.com/sn/notes-020.htm
 
 
Ron Dalpiaz
Technology Coordinator
Dover Public Library
 