What is Digg?75 Comments
- dahifi, on 10/12/2007, -0/+3Important Information for Thursday 5 January 2006
Microsoft announced that it would release a security update to help protect customers from exploitations of a vulnerability in the Windows Meta File (WMF) area of code in the Windows operating system on Tuesday, January 2, 2006, in response to malicious and criminal attacks on computer users that were discovered last week.
Microsoft will release the update today on Thursday, January 5, 2006, earlier than planned.
Microsoft originally planned to release the update on Tuesday, January 10, 2006 as part of its regular monthly release of security bulletins, once testing for quality and application compatibility was complete.
However, testing has been completed earlier than anticipated and the update is ready for release.
In addition, Microsoft is releasing the update early in response to strong customer sentiment that the release should be made available as soon as possible.
Microsoft's monitoring of attack data continues to indicate that the attacks are limited and are being mitigated both by Microsoft's efforts to shut down malicious Web sites and with up-to-date signatures form anti-virus companies.
The security update will be available at 2:00 pm PT as MS06-001. - ScoobyRex, on 10/12/2007, -0/+2It has already been relased. Check your Windows Updates.
- misterpony, on 10/12/2007, -0/+2http://update.microsoft.com/windowsupdate/v6/default.aspx?ln=en-us
There she blows - autobahn, on 10/12/2007, -0/+1Like I said in my other post, I work IT at a large university, and word here is that the patch works A-OK with the "temporary unofficial" patch. You can use the MS patch over it and uninstall the temporary patch afterwards.
Just trying to help folks get the info they need. I'm just glad we didn't see any mass-infections. - misterpony, on 10/12/2007, -0/+1Is this legit?..............
- Teratogen, on 10/12/2007, -0/+1Microsoft rates it as a critical exploit, and is supposed to release patches for Win 98 and Win 98 SE and Win ME for critical exploits, so why didn't they? Millions of people are still using these operating systems.
- misterpony, on 10/12/2007, -0/+1Nothing on the website yet. All I see is the press release from two days ago.
- gscharf, on 10/12/2007, -2/+3Remember, it's i before e EXCEPT after c.
- opus20745, on 10/12/2007, -0/+1People, this IS official, just check Windows Update.
- Teratogen, on 10/12/2007, -0/+1bah, I don't see a patch for Win 98 SE
- gamerzworld, on 10/12/2007, -0/+1meh I NOT leting Microsoft screw my computer up anymore. Im staying with Ilfak Guilfanov patch!
at least someone shows some love for 95/ME users!
"Microsoft has recently "reclassified" the WMF vulnerability in Windows 95, 98, and ME as below critical. This means that it will probably NOT be updated and patched for this vulnerability which those versions reportedly DO have.
So, if Microsoft doesn't produce an update for those versions of Windows, GRC will make one available."
http://www.grc.com/sn/notes-020.htm - theschles, on 10/12/2007, -0/+1Ok, now I'm fuming (http://www.microsoft.com/technet/security/bulletin/ms06-001.mspx - FAQ):
"Are Windows 98, Windows 98 Second Edition, or Windows Millennium Edition critically affected by one or more of the vulnerabilities that are addressed in this security bulletin?
"No. Although Windows 98, Windows 98 Second Edition, and Windows Millennium Edition do contain the affected component, the vulnerability is not critical because an exploitable attack vector has not been identified that would yield a Critical severity rating for these versions. For more information about severity ratings, visit the following Web site. (http://go.microsoft.com/fwlink/?LinkId=21140)"
WTF? Nobody's created a virus that uses the WMF vulnerability that targets Windows 98, so there's no reason to patch it? - digitalunltd, on 10/12/2007, -0/+0from http://www.hexblog.com/
"I'm glad to tell you that Microsoft has released an official patch for the problem earlier than planned!
It can be downloaded at the following address:
http://www.microsoft.com/technet/security/Bulletin/MS06-001.mspx
I urge everyone to download and install the official patch.
You do not need my hotfix anymore.
If you have previously installed it, please uninstall it now.
It can be uninstalled before or after applying the official patch
from the Add/Remove Programs window. " - theschles, on 10/12/2007, -0/+0stealthninjaman:
regsvr32 %windir%system32shimgvw.dll
Don't forget to also uninstall the unofficial patch after installing the official patch - theschles, on 10/12/2007, -0/+0Bloody backslashes got cut...
regsvr32 %windir%(backslash)system32(backslash)shimgvw.dll - phool, on 10/12/2007, -0/+0DL it but we use SMS at our company and it appears the XML file MS released is the wrong one, anyone else having issues with this
- byteburglar, on 10/12/2007, -0/+0I tried installing this patch, but after the mandatory restart, I couldn't boot to windows fully. It gave me a blank screen and the mouse pointer. After several attempts, I fell back on the good ol' system restore and everything is back to normal (unpatched and all). I was wondering if anybody else has had this problem?
- Barnstormer, on 10/12/2007, -0/+0Remember, it's i before e EXCEPT after c.
That's weird. - BadMammaJamma, on 10/12/2007, -0/+0test if the patch works here... http://www.albinoblacksheep.com/flash/end.php
J/K That ***** was funny - oldcyborg, on 10/12/2007, -0/+0I have AVG on my 32 bit, and Trust on my 64 bit. Neither had a fix available today, and I was having AVG tell me that a virus was found upon opening executable program files, mostly setup files. all exe's. I would vault the program, since it isn't required to run the programs, and go on. This went on for 20 minutes, after which I got to reboot before another message popped up!!!!
It came up allright in 64(I WAS in 32), so I downloaded the microsoft security patch, and installed it. I rebooted and came up in (my choice) 32. I had previously downloaded the patch onto this installation, which is the one that was giving me trouble. Now, after rebooting, which I had not done before, altho they told me to., now there is no problem. This is an hour later. So, whatever that was is gone, but it sure makes me nervous. My 64 bit etrust program(recommmended by Msoft, is not wholly live anyway, but is checking email live, and everything else, as scheduled. They can't fix it unless they talk to me on the phone, and that ain't gonna happen.
Anyone running a free (etrust is a 12 months free), programs on 64 bit windows without problem, is free to contact me. :) I need all the help I can get/////|||||\\\
Cyborg
mike.sartor.sr@gmail.com - Bananas21ca, on 10/12/2007, -0/+0Installed it but too lazy to reboot :P
- m00kie, on 10/12/2007, -0/+0MS just gave my Firefox some hate.
mookie switches to "IE" - inactive, on 10/12/2007, -0/+0It's out already! See cool screenshots here:
http://www.robert.to/reports/mswmfpatch.html - misterpony, on 10/12/2007, -0/+0THIS POST IS BETTER AND LINKS TO THE DOWNLOAD PAGE:
http://digg.com/software/Microsoft_releases_patch_for_WMF_Vulnerability
or here is the download link:
http://www.microsoft.com/technet/security/bulletin/ms06-001.mspx
Props to autobahn and sorry for the caps. - uberdisco, on 10/12/2007, -0/+0Its about time.
- inactive, on 10/12/2007, -0/+0good job bill gates
- inactive, on 10/12/2007, -0/+0It's already released!
- autobahn, on 10/12/2007, -1/+1Glad to see the most unhelpful of all of the links made the front page!
- inactive, on 10/12/2007, -0/+0http://www.microsoft.com/downloads/details.aspx?familyid=0c1b4c96-57ae-499e-b89b-215b7bb4d8e9&displaylang=en
- antdude, on 10/12/2007, -0/+0Go grab it from Windows Update. :)
- diggnationdevon, on 10/12/2007, -0/+0Good
- ericsr, on 10/12/2007, -0/+0Seems like there is a bug with the update for this patch. It installs successfully and I am then notified again (via system tray) for another update. Keeps doing this!
- jeff4379, on 10/12/2007, -0/+0Anyone seen an MSI for this patch or another way to script the install? (The .exe install switches to automatically reboot reboot everytime the file is run...ie every time the scripted install runs the computer reboots...over and over)
- Teratogen, on 10/12/2007, -0/+0Yeah, but that still sucks. Microsoft is well aware that many people still use Win 98, SE, and ME. They suck for not releasing patches for these OS's
- ipodman715, on 10/12/2007, -0/+0Ah, according to http://www.grc.com/sn/notes-020.htm :
"You SHOULD REMOVE THIS PATCH to restore full functionality to Windows Metafile processing once WIndows has been officially updated and repaired." - mtupker, on 10/12/2007, -0/+0I still think I'm going to wait a while and see if the patch breaks anything before deploying it to the rest of the systems at work. I understand how vital it was for Microsoft to get a patch out but I'm a little worried that Microsoft might have seen this as competition with the hexblog patch and released it before it is ready.
I can just hear some management at Microsoft saying something like, "I don't care if it crashes 10% of systems out there. The fact that someone else patched it first is making us look bad!" I'm probably just being paranoid. I guess I'll find out in a little bit
...
Installing (praying) - dJCL, on 10/12/2007, -0/+0Logged into the master SUS and WSUS servers at the office and just approved the update for all the unimportant people out there(they're the guinea pigs).
That's hundreds of computers patched by tomorrow for me, I think my work here is done for today. - mtupker, on 10/12/2007, -1/+1Mac has had its share of bugs as well.
- stealthninjaman, on 10/12/2007, -0/+0I did the fix that un-registered the .dll. How to to re-register it?
-Yes, I am ashamed I don't know. - theschles, on 10/12/2007, -0/+0gamerzworld: thanks for the info - I've added myself to the GRC update system.
jeff4379: What, so we're supposed to simply assume that nobody is using Windows 95, 98, Me, or NT and thus those will never be infected? Some people (like my wife) refuse to update to a newer version of Windows - her Windows 98SE PC is working just fine, so why pour money into a new computer? Yet that PC can easily now become a zombie should somebody skirt past the antivirus and firewall software I've loaded on it. Wake up and smell the coffee, dude. - Diseage, on 10/12/2007, -0/+0It's out. seems to work fine to me
- jeff4379, on 10/12/2007, -0/+0We still use Netware 5.11, we just accept that it's not supported by Novell.
- battybattybatt, on 10/12/2007, -0/+0"I wonder if this is an exact copy of the patch hexblog released on the 2nd?..
posted by harley999 (0) at 07:24"
Stop wondering.
Acknowledgments
Microsoft thanks the following for working with us to help protect customers:
• Dan Hubbard of WebSense(.com) for working with us on the Graphics Rendering Engine Vulnerability - CVE-2005-4560.
- battybattybatt, on 10/12/2007, -0/+0***** WASTE OF TIME LINK=
"http://update.microsoft.com/windowsupdate/v6/default.aspx?ln=en-us
There she blows
posted by misterpony (0) at 12"
BETTER LINK=
http://www.microsoft.com/technet/security/bulletin/ms06-001.mspx
(and this is NOT the download link!) - battybattybatt, on 10/12/2007, -0/+0"MS just gave my Firefox some hate.
mookie switches to "IE"
posted by m00kie (0) at "
And the WMF patch has absolutely NOTHING to do with using IE or not.
PERIOD. It has ONLY to do with Remote Code Execution which merely requires a computer to be online, browsing or not. - jeff4379, on 10/12/2007, -0/+0theschles said:
...Some people (like my wife) refuse to update to a newer version of Windows - her Windows 98SE PC is working just fine, so why pour money into a new computer? ...
Guess it's NOT working just fine now is it? This is why people upgrade. Take a car from 1930...it may run, but new cars are safer, more efficient, and have new features. Do you expect Ford to install seatbelts, airbags, and antilock breaks in your 1930 Ford? - tsupersonic, on 10/12/2007, -0/+0""MS just gave my Firefox some hate.
mookie switches to "IE"
posted by m00kie (0) at "
And the WMF patch has absolutely NOTHING to do with using IE or not.
PERIOD. It has ONLY to do with Remote Code Execution which merely requires a computer to be online, browsing or not."
I believe he was taking about using IE to goto windows update, hence Microsoft "hating" firefox. - joshwehatetech, on 10/12/2007, -0/+0Nod, there were some issues with a patch from Apple, but it was all but smacked down by Apple and their supporters. Every OS sucks.
- jeff4379, on 10/12/2007, -0/+0 "Microsoft rates it as a critical exploit, and is supposed to release patches for Win 98 and Win 98 SE and Win ME for critical exploits, so why didn't they?"
Because they are no longer supported.
http://support.microsoft.com/lifecycle/?p1=6513 - harley999, on 10/12/2007, -0/+0I wonder if this is an exact copy of the patch hexblog released on the 2nd?..
-
Show 51 - 75 of 75 discussions
The Digg Toolbar for Firefox lets you Digg, submit content, and keep track of Digg even when you're not on the Digg site. Download the official 
© Digg Inc. 2009
— Content created and posted by Digg users is