Windows wmf vulnerability hotfix and checker
techAdmin
Status: Site Admin
Joined: 26 Sep 2003
Posts: 4126
Location: East Coast, West Coast? I know it's one of them.
Reply Quote
Update: Microsoft has just released the patch. You can grab it from that microsoft security update page.

============================
============================
Ignore this except for links to faqs and castlecop forum stuff
--------------------------------------------------
If you haven't heard about this one, you want to get it patched.

The vulnerability affects Windows xp, windows server 2003, and some installations of Windows 2000.

You can get some temp fixes from Castlecops.

Those include the vulnerability checker [link goes to exe file] and the hotfix [link to exe file]. So far all Windows 2000 installations have been found to be vulnerable. More at castlecops, and from microsoft. Also from zdnet.

You can check out the source of these at Ilfak Guilfanov's hexlblog.com.

You can also get the md5 check sums for both programs at that site, I won't list them here since that would be pointless. I have verified both md5 checksums from the castlecops download source if you don't have an md5 checksum utility installed.

:: Quote ::
# Should I install Ilfak Guilfanov's WMF Hotfix?

Microsoft recommends against installing third party patches, however, the rest of the security industry recommends installing it. A slide presentation lower down explains why. castlecop wmf exploit faqs

Back to top
vkaryl
Status: Contributor
Joined: 31 Oct 2004
Posts: 273
Location: back of beyond - s. UT, closer to Vegas than SLC
Reply Quote
So if I've already installed the hexblog hotfix, do I want to install ms's patch on top?

Why do I not feel good about the ms patch?
Back to top
techAdmin
Status: Site Admin
Joined: 26 Sep 2003
Posts: 4126
Location: East Coast, West Coast? I know it's one of them.
Reply Quote
:: Quote ::
# How do I un-install the hotfix on a single system?

Un-install it from the Add/Remove programs window.


Or you can uninstall it using the uninstall file in the folder, it's in c:\program files, can't remember the name.

Why does the microsoft patch make you nervous? Probably because microsoft released it several days earlier than they said they would. However, since the first patch has already been tested heavily, and has its source code available for viewing, I'll bet you that microsoft basically just implemented that logic, tested it quickly in the build labs, released it to some early testers to double check, then let it out. There was a lot of pressure on them to get it out, they were totally shown up by a single guy who didn't even have access to Window's source code directly, he unravelled the binary I think.

By the way, I just saw that you already posted on this yesterday, beat me to it, lol, missed that post somehow.
Back to top
vkaryl
Status: Contributor
Joined: 31 Oct 2004
Posts: 273
Location: back of beyond - s. UT, closer to Vegas than SLC
Reply Quote
I don't have a lot of use for ms. Not any more. Not going into a rant or anything.... I just prefer not using their "fixes" unless absolutely necessary.

Thanks for the info!
Back to top
Display posts from previous:   

All times are GMT - 8 Hours