[OPLINTECH] WMF Exploit Hotfix

Wes Osborn wosborn at clcohio.org
Tue Jan 3 10:52:59 EST 2006


The only "real" way to verify is through the source code.  For the  
patch that is mentioned the source code has been made available.  I  
haven't personally checked it, but Steve Gibson is a trusted resource  
for me and he has examined the source code.

Even so I'm recommending that this only been installed on machines  
that are especially vulnerable or likely to encounter this problem.   
Since I believe that there is already an MSN messenger exploit; I  
would recommend it to anyone who uses that product.

Hope this helps,

-Wes
CLC

On Jan 3, 2006, at 10:42 AM, Bruce Landis wrote:

> I trust the Oplintech listserv but a basic question remains for any  
> volunteered patch… how do we validate it?  Certainly a PCWorld  
> columnist would appear to be a reliable source, and the hyperlinks  
> trace out ok, but…
>
>
>
> I try to teach our staff not to download and install protective  
> products simply because they pop-up and present themselves to the  
> end user. Do others on the list have additional validation of this  
> patch? Or…if anyone on the list who has an isolated lab machine  
> were to do the patch, watch for rogue processes and report back it  
> would ease my mind – somewhat.
>
>
>
> Paranoid as always,
>
>
>
> Bruce Landis
>
> Technology Specialist
>
> Chillicothe and Ross County Public Library
>
> (740) 702-4115  fx (740) 702-4118
>
> landisbr at oplin.org
>
>
>
> -----Original Message-----
> From: oplintech-bounces at oplin.org [mailto:oplintech- 
> bounces at oplin.org]On Behalf Of Ron Dalpiaz
> Sent: Tuesday, January 03, 2006 9:59 AM
> To: OPLINTECH at OPLIN.ORG
> Subject: [OPLINTECH] WMF Exploit Hotfix
>
>
>
> There's a very effective temporary hotfix for the WMF Exploit.
>
>
>
> It comes from Steve Gibson's site. He is known as a security guru  
> in the industry.
>
>
>
> You can read about this at:
>
>
>
> http://blogs.pcworld.com/tipsandtweaks/archives/001162.html
>
>
>
> Gibson's explanation/download page regarding the fix is at:
>
>
>
> http://www.grc.com/sn/notes-020.htm
>
>
>
>
>
> Ron Dalpiaz
>
> Technology Coordinator
>
> Dover Public Library
>
>
>
> _______________________________________________
> OPLINTECH mailing list
> OPLINTECH at oplin.org
> http://mail.oplin.org/mailman/listinfo/oplintech




More information about the OPLINTECH mailing list