Unofficial patch for the Windows WMF 0-day exploit

By on December 31, 2005, 7:02 PM
Ilfak Guilfanov has released an unofficial patch for the Windows WMF exploit we posted about earlier. I highly recommend you to install this patch. Reports from McAfee reveal that 6% of their customers have encountered the virus, which is a very very high number.

This is version 1.1, working on both Windows 2000 and XP SP1 and SP2. Remember to uninstall this patch before applying the official patch from Microsoft, whenever it is released, of course.

User Comments: 20

Got something to say? Post a comment
spike said:
Curious - Obviously, it wasn't so difficult to patch that a single person couldn't knock something together in a few days - so the question here is with the resources microsoft has at it's disposal, where's the official patch?
cyrax said:
6%? That is a pretty high number. That virus is spreading pretty quickly.
realblackstuff said:
Upon installation & reboot, my firewall (Agnitum Outpost Pro) notified me of a fair number of file-changes.Great find, Per!It's unlikely it will affect my PC, but: rather safe than sorry!Wonder if this guy Ilfak is going to be hired by M$, they should!
Handyman said:
Congratulations to Ilfak Guilfanov for writing the patch. Wonder why Microsoft hasn't done anything. Download and install.
Julio said:
[b]Originally posted by Handyman:[/b][quote]Congratulations to Ilfak Guilfanov for writing the patch. Wonder why Microsoft hasn't done anything. Download and install.[/quote]Don't be surprised if Microsoft didn't know about the flaw until an exploit was created, in such case, it's way easier to create an unofficial patch that won't work in all environments, or at least does not need to be tested throughfully as an official patch would because of obvious reasons.
robikewl said:
Thats a Wake up call for Microsoft. These guys should be proactive.
dbuske said:
I virus checked it before running it and no virus in the download.I ran the program and installed it. It hasn't caused any problems.
MonkeyMan said:
I'm for sure going to download the patch, the last thing I need is more viruses lol. McAfee is the number one virus protection program, so this is very serious. Thanks for the heads up on this issue.
PUTALE said:
MS is always slow in fixing these stuff. YOu wonder where is all the money they paid to all their software engineers:).
Strakian said:
Very impressive that one can come up with a patch for this. Microsoft is really busy trying to put out the new Vista, so perhaps they're dumping full on XP support in favor of making more money? noooo.. not Microsoft....
ThomasNews said:
The patch'll probably be released with the regular monthly releases I'd imagine, although that would make it this week/week after. They do occassionally release out of cycle though & given its actually being used I'd imagine they'd have toPivx Labs have their own proactive application you can install which protects Windows against multiple unpatched vulnerabilities & vulnerabilities which (regularly) weren't even being exploited (Or public anyway) at the time.
PanicX said:
This patch simply disables the SETABORT escape sequence. It's by no means a comprehensive patch. Simply another work around. Personally I feel responsiveness to major security issues like this will determine Microsoft's new "Security is Priority" philosophy. It's still understandable that a fix may take some time. They've got numerous OS platforms and applications versions to test and verify patch conclusiveness. However with the enoroumous amount of man power at Microsofts disposal, any serious flaw should be remedied in days, not weeks.
Race said:
I've installed the patch, and there are no issues on my system. The bottom line is that this patch is more effective than simply un-registering the file.I would think Microsoft is all over this, and wouldn't be surprised if they do a non-scheduled patch release.
Nodsu said:
Some feedback on the protection would be useful too. Anyone try to infect themselves after issuing the patch?
spike said:
actually, no - didn't think of that.I'll get VMWare running in a moment and take a look.
spike said:
personally, I couldn't infect myself using the patch (in VMWare anyway) using MSIE.
mentaljedi said:
Apparently, the new Windows Vista is supposed to be much more advanced with security etc... but reports i've read show this not to necesserily be the case. MS has never been very good with security, and so i would reccoment using this patch until Microsoft figure a way to fix the exploit rather than try to find away around it. Attack is the best form of defence after all...
luismigilbert said:
maybe this guy wrote the virus..i'm kidding...i think microsoft is 100% focus on Vista..or maybe they are writing a new service pack and planning to include a patch for this on it...
niti said:
This hotfix upset my Windows XP Pro OS. During xp start, the screen looks as have a topsy-turvy and all colors. Therefore, I entered to my system again in safe mode and unistalled it. My graphic card is ati radeon mobility x700.
arabic58 said:
MS$ says that they will release an official patch on 10-Jan-2006. I'm on MS$'s side. They can't afford to jump on every band wagon within 1 or 72 hours that comes across their desk. If this is so bad, turn off you MS$ computer so you won't get hit. If you have to use your MS$ computer, make sure you don't go to any questionable sites until after 10-Jan-06. What are you people worried about? Signed" XEN of the Linux user in Spring."
Load all comments...

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.