microsoft windows metafile and wmf vulnerability Resources

Sponsored White Papers, Webcasts, and Downloads

ZDNet Resources

Open-source bugs undermine digital signatures: Open-source bugs undermine digital signaturesGod bless Open Source communityGod bless Open Source communityWhile I sympathize with open source usersnow attackers know what to do. Just kidding.Many eyes??? Hmmm, blind eyes maybe?;-)digital signaturesLinux and Unix distributors, for example, often use GPG digital signatures in their security advisories so customers...; Tags: Digital signatures, Authentication/Encryption, Digital security, Patches, SECURITY, Microsoft Windows Metafile, digital signature, patch, WMF vulnerability, open source; Discussion threads 2006-03-11
Microsoft issues patch for WMF vulnerability: Microsoft issues patch for WMF vulnerabilityZDNet, there is no WMP 10 for Windows 98..."Microsoft also patched ... Windows Media Player 10 on 98/98SE/ME/XP (up to and including SP2)."Please check your facts. WMP 10 is only available for XP/2003.New M$ OS...Windhose, pass it on. >;-]ZzzzzzHave WSUS, dont need to worry...; Tags: Microsoft Windows XP Service Pack 2, Patches, Microsoft Windows, Operating systems, Cyberthreats, Microsoft Corp., patch management, Service Pack 2, operating system, Microsoft Windows Metafile, WMP 10, WMF vulnerability; Discussion threads 2006-02-14
British parliament attacked using WMF exploit: British parliament attacked using WMF exploitWill the West figure out China is NOT their friend?I doubt it...At least not until it's too late.attacks...We get attempts to break in from the Chinese at least 10 times a day on our mail and web servers...this is news?Is Microsoft governments friend?There needs to...; Tags: Linux, INTERNET, Operating systems, MSFT, Microsoft Windows Metafile, bad people, Microsoft Corp., IP, IP address, WMF vulnerability; Discussion threads 2006-01-23
Steve Gibson says WMF vulnerability is an intentional Backdoor: Steve Gibson, creator of the firewall Leak Test believes that the WMF vulnerability was deliberately programmed into Windows. He hypothesizes that Microsoft could have put it in for a situation where they had to bypass admin settings, firewalls, AV, to execute code on the machines of visitors to their...; Tags: Microsoft Windows, Firewalls, SECURITY, Steve Gibson, WMF vulnerability, Microsoft Windows Metafile; Blog posts 2006-01-14
New WMF vulnerabilities: Remember my loooong blog posting about weldng in the ship yard? See Tip of the Iceberg) How one pin hole in a weld led to the discovery of a sponge of metal holding two joints together?Well following in the usual path new vulns in the way Windows interprets...; Tags: Blogging, Microsoft Windows Metafile, WMF vulnerability; Blog posts 2006-01-10

Microsoft releases critical update for WMF exploit today: Microsoft releases critical update for WMF exploit todayAll it takes is overwhelming public abrobationIt is only in response to overwhelming public abrobation that Microsoft have released this patch in anything resembling a timely manner. If it had not been for such public public discussion, Microsoft would have done nothing -...; Tags: Patches, Microsoft Windows Metafile, Microsoft Corp., security, WMF vulnerability, software; Discussion threads 2006-01-06
Linux/BSD still exposed to WMF exploit through WINE!: Linux/BSD still exposed to WMF exploit through WINE!AccuracyThis is old news. WINE reached the "bug-for-bug emulation" milestone of supporting Microsoft malware in 2004.It's not up to the WINE team to revise the definition of "Microsoft compatible," only to achieve it.Oh Noooooooooooooooooo!Well, if WINE is written well then it shouldn't...; Tags: WMF vulnerability, Microsoft Windows Metafile, wine; Discussion threads 2006-01-05
Linux/BSD still exposed to WMF exploit through WINE!: While news of Microsoft's official patch for the WMF exploit reaches the web, I just received an email from H D Moore (founder of the metasploit project and creator of the original proof-of-concept WMF exploit code) that WINE was still vulnerable to the WMF exploit. He was kind enough...; Tags: Wine, patch, Microsoft Windows Metafile; Blog posts 2006-01-05
Microsoft releases critical update for WMF exploit today: Instead of waiting until January 10 as previously announced, Microsoft is releasing the patch for the WMF exploit as a critical update today. Microsoft Security Bulletin MS06-001 has download links for all of the affected operating systems. It's supposed to be available at 2:00 PM PST, (UTC/GMT -8) today, but...; Tags: Microsoft Corp., patch; Blog posts 2006-01-05
About Notes and the WMF exploit: I've been pinged a bunch about the WindowsWMF graphics rendering engine file vulnerability that cropped up last week. IBM's official technote is posted, #1227004-- Is Lotus Notes affected by the Windows Meta File vulnerability reportedin Microsoft Security Advisory # 912840? It also references NIST.ORG'sspecific bulletin...; Tags: Microsoft Windows Metafile, IBM Lotus Notes; Blog posts 2006-01-05
WMF vulnerability patch and more good news: WMF vulnerability patch and more good newsIlfak Guilfanov T-shirts will be available before official MS patch ntnt; Tags: WMF vulnerability, Microsoft Windows Metafile; Discussion threads 2006-01-04
Alternative sites for the WMF patch and Microsoft's response to the exploit: It seems that Ilfak Guilfanov's site is down due to excessive bandwidth use. Ilfak Guilfanov is the programmer who has created an unofficial patch for the WMF exploit, and perhaps the only reliable method of prevention right now. The patch is now available at SunbeltBLOG and at security site...; Tags: Microsoft Windows Metafile, Microsoft Corp., patch; Blog posts 2006-01-03
WMF vulnerability patch and more good news: An unofficial patch has been written by programmer Ilfak Guilfanov. It works in my tests. Get it here. Uninstall it before installing the Microsoft patch due on January 10. There's is also a vulnerability checker here. Guilfanov's blog must be getting heavy traffic -- the pages are...; Tags: Microsoft Windows Metafile, Ilfak Guilfanov, patch; Blog posts 2006-01-03
Setting the record straight on the WMF vulnerability: Setting the record straight on the WMF vulnerabilityUS-CERT on vulnerabilities by OSand Windows is not number one.http://blogs.zdnet.com/Spyware/?p=736I think PJ examined this list on Groklaw.http://www.groklaw.net/article.php?story=20051231142317870SANS has an unofficial patchThe SANS Internet Storm Center (isc.sans.org) has an unofficial patch for this vulnerability. Scroll down the page to the "WMF FAQ"...; Tags: Operating systems, Microsoft Windows, Microsoft Windows Metafile, Unix, WMF vulnerability; Discussion threads 2005-12-30
Update on WMF exploit: Update on WMF exploitThe Cost of SwitchingThe cost of switching? The cost of any new single system can be seen as comparable and competitive to any other single system. The "cost" as the author puts it, comes not from the switch, but from the fact you have to consider it....; Tags: AdBlock, Microsoft Windows Metafile, WMF vulnerability; Discussion threads 2005-12-30
Setting the record straight on the WMF vulnerability: It's seems normal that the year in technology ends with a critical Windows vulnerability. George Ou is setting the record straight on the critical WMF vulnerability, including the worthless fixes and the real fix, which results in Explorer being unable to display thumbnail images. Microsoft has been improving on the...; Tags: Microsoft Windows, WMF vulnerability, Microsoft Windows Metafile; Blog posts 2005-12-30
Lots of bad advice for critical WMF vulnerability!: Lots of bad advice for critical WMF vulnerability!Too much to TakeIt has been more than I can tolerate with one vulnerability after another.So much so, that I made the switch to a non-windows O/S.These things are largely gone, in Linux SuSE. Although one must be vigilent in applying updates and...; Tags: WMF vulnerability, data execution prevention, vulnerability, Microsoft Windows, Microsoft Windows Metafile, software; Discussion threads 2005-12-30
Lots of bad advice for critical WMF vulnerability!: [Updated again at 12/31/2005 1:45 AM] There has been a lot of bad information/advice being kicked around on the Internet pertaining to the critical WMF vulnerability in the last few days. I'm said to admit that I too fell for it for a short period of time until...; Tags: data execution prevention; Blog posts 2005-12-30
Update on WMF exploit: Some new approaches have emerged for reducing the risk of being affected by this exploit. One approach involves using Data Execution Prevention DEP. Explanation of DEP from Microsoft:Data execution prevention DEP is a set of hardware and software technologies that perform additional checks on memory to help protect against...; Tags: Spyware, adware & malware, Spyware, WMF vulnerability, exploit, data execution prevention, Spyaxe, IBM Lotus Notes, Microsoft Windows Metafile; Blog posts 2005-12-29
Protection from critical WMF vulnerability: Protection from critical WMF vulnerabilityAnyone tried this yet ?I went through the threads off George's blog here but one person says that it doesn't work with the Registry Disable. Also, has anyone actually tried the Registry Disable ? George ?SSDDSame situation; Different day ;)When will it end! ...; Tags: Microsoft Windows Metafile, WMF vulnerability, software, data execution prevention; Discussion threads 2005-12-29