|
techAdmin
Back to top
Status: Site Admin Joined: 26 Sep 2003 Posts: 936 Location: East Coast, West Coast? I know it's one of them. |
Update: Microsoft has just released the patch. You can grab it from that microsoft security update page.
============================ ============================ Ignore this except for links to faqs and castlecop forum stuff -------------------------------------------------- If you haven't heard about this one, you want to get it patched. The vulnerability affects Windows xp, windows server 2003, and some installations of Windows 2000. You can get some temp fixes from Castlecops. Those include the vulnerability checker [link goes to exe file] and the hotfix [link to exe file]. So far all Windows 2000 installations have been found to be vulnerable. More at castlecops, and from microsoft. Also from zdnet. You can check out the source of these at Ilfak Guilfanov's hexlblog.com. You can also get the md5 check sums for both programs at that site, I won't list them here since that would be pointless. I have verified both md5 checksums from the castlecops download source if you don't have an md5 checksum utility installed. :: Quote :: # Should I install Ilfak Guilfanov's WMF Hotfix?
Microsoft recommends against installing third party patches, however, the rest of the security industry recommends installing it. A slide presentation lower down explains why. castlecop wmf exploit faqs |
|||||
|
vkaryl
Back to top
Status: Contributor Joined: 31 Oct 2004 Posts: 273 Location: back of beyond - s. UT, closer to Vegas than SLC |
So if I've already installed the hexblog hotfix, do I want to install ms's patch on top?
Why do I not feel good about the ms patch? |
|||||
|
techAdmin
Back to top
Status: Site Admin Joined: 26 Sep 2003 Posts: 936 Location: East Coast, West Coast? I know it's one of them. |
:: Quote :: # How do I un-install the hotfix on a single system?
Un-install it from the Add/Remove programs window. Or you can uninstall it using the uninstall file in the folder, it's in c:\program files, can't remember the name. Why does the microsoft patch make you nervous? Probably because microsoft released it several days earlier than they said they would. However, since the first patch has already been tested heavily, and has its source code available for viewing, I'll bet you that microsoft basically just implemented that logic, tested it quickly in the build labs, released it to some early testers to double check, then let it out. There was a lot of pressure on them to get it out, they were totally shown up by a single guy who didn't even have access to Window's source code directly, he unravelled the binary I think. By the way, I just saw that you already posted on this yesterday, beat me to it, lol, missed that post somehow. |
|||||
|
vkaryl
Back to top
Status: Contributor Joined: 31 Oct 2004 Posts: 273 Location: back of beyond - s. UT, closer to Vegas than SLC |
I don't have a lot of use for ms. Not any more. Not going into a rant or anything.... I just prefer not using their "fixes" unless absolutely necessary.
Thanks for the info! |
|||||
|
All times are GMT - 8 Hours
|
||||||
Contact Us
Hosting: Pair Networks: 0.047
Forum Software © 2001–2006 phpBB
techForum Style © 2003–2006 techpatterns.com
info
Hosting: Pair Networks: 0.047
Forum Software © 2001–2006 phpBB
techForum Style © 2003–2006 techpatterns.com
info