Re: Unofficial WMF fix gets thumbs up by SANS.org and NIST.org
- From: "nemo_outis" <abc@xxxxxxx>
- Date: 03 Jan 2006 17:15:09 GMT
Copied from alt.computer.security
A working patch (even if not official)
For more and to download the patch (now - today! -availble as an msi
rather than an exe) see:
"NIST.org" <google@xxxxxxxxxxxxxx> wrote in news:1136278459.673672.283040
> The SANS recommended hotfix (by: Ilfak Guilfanov) intercepts calls to
> the exploitable program routines in the vulnerable shimgwv.dll file.
> It completely mitigates any threat from this vulnerability. No need to
> run Microsoft suggested unregister command but it doesn't hurt to do so
> (belt and suspenders is what SANS called it).
> My only problem with this fix is that its not very enterprise friendly.
> It requires installation on every machine through non-automated
> processes (yes, you can automate an install yourself) and should be
> uninstalled after Microsoft releases their fix.
> The latest exploit kits being circulated allows creation of WMF files
> with varying signatures. This was intended to make detection by
> IDS/IPS and antivirus programs much harder or impossible. So this
> unofficial hotfix maybe all we have at the moment.
> You can download the hotfix and read more at http://www.NIST.org
> Check back often for updates or subscribe to the NIST.org RSS feed.
- Prev by Date: Re: Public Utility Records, and Off-Shore Application Development
- Next by Date: Re: Public Utility Records, and Off-Shore Application Development
- Previous by thread: Public Utility Records, and Off-Shore Application Development
- Next by thread: False background checks can destroy character,article link and cite