Unofficial patch for the Windows WMF 0-day exploit
Ilfak Guilfanov has released an unofficial patch for the Windows WMF exploit we posted about earlier. I highly recommend that you install this patch. Reports from McAfee reveal that 6% of their customers have encountered the virus, which is a very, very high number.
This is version 1.1, working on both Windows 2000 and XP SP1 and SP2. Remember to uninstall this patch before applying the official patch from Microsoft, whenever it is released, of course.
User Comments (20)
| spike on December 31, 2005 9:37 PM | Curious - Obviously, it wasn't so difficult to patch that a single person couldn't knock something together in a few days - so the question here is with the resources Microsoft has at its disposal, where's the official patch?
|
| cyrax on December 31, 2005 10:12 PM | 6%? That is a pretty high number. That virus is spreading pretty quickly.
|
| realblackstuff on January 1, 2006 4:21 AM | Upon installation & reboot, my firewall (Agnitum Outpost Pro) notified me of a fair number of file-changes.
Great find, Per! It's unlikely it will affect my PC, but: rather safe than sorry! Wonder if this guy Ilfak is going to be hired by M$, they should!
|
| Handyman on January 1, 2006 5:43 AM | Congratulations to Ilfak Guilfanov for writing the patch. Wonder why Microsoft hasn't done anything.
Download and install.
|
| Julio on January 1, 2006 5:55 AM | Originally posted by Handyman:
Congratulations to Ilfak Guilfanov for writing the patch. Wonder why Microsoft hasn't done anything.
Download and install.
Don't be surprised if Microsoft didn't know about the flaw until an exploit was created; in such a case, it's way easier to create an unofficial patch that won't work in all environments, or at least does not need to be tested as thoroughly as an official patch would, for obvious reasons.
|
| robikewl on January 1, 2006 6:57 AM | That's a wake-up call for Microsoft. These guys should be proactive.
|
| dbuske on January 1, 2006 10:01 AM | I virus checked it before running it and no virus in the download.
I ran the program and installed it. It hasn't caused any problems.
|
| MonkeyMan on January 1, 2006 10:54 AM | I'm for sure going to download the patch, the last thing I need is more viruses lol. McAfee is the number one virus protection program, so this is very serious. Thanks for the heads up on this issue.
|
| PUTALE on January 1, 2006 12:17 PM | MS is always slow in fixing this stuff. You wonder where is all the money they paid to all their software engineers.
|
| Strakian on January 1, 2006 1:10 PM | Very impressive that one can come up with a patch for this. Microsoft is really busy trying to put out the new Vista, so perhaps they're dumping full on XP support in favor of making more money? noooo.. not Microsoft....
|
| ThomasNews on January 1, 2006 6:14 PM | The patch'll probably be released with the regular monthly releases I'd imagine, although that would make it this week/week after. They do occasionally release out of cycle though & given it's actually being used I'd imagine they'd have to.
Pivx Labs have their own proactive application you can install which protects Windows against multiple unpatched vulnerabilities & vulnerabilities which (regularly) weren't even being exploited (Or public anyway) at the time.
|
| PanicX on January 1, 2006 6:38 PM | This patch simply disables the SETABORT escape sequence. It's by no means a comprehensive patch. Simply another workaround. Personally I feel responsiveness to major security issues like this will determine Microsoft's new "Security is Priority" philosophy. It's still understandable that a fix may take some time. They've got numerous OS platforms and applications versions to test and verify patch conclusiveness. However with the enormous amount of manpower at Microsoft's disposal, any serious flaw should be remedied in days, not weeks.
|
| Race on January 1, 2006 8:10 PM | I've installed the patch, and there are no issues on my system. The bottom line is that this patch is more effective than simply un-registering the file.
I would think Microsoft is all over this, and wouldn't be surprised if they do a non-scheduled patch release.
|
| Nodsu on January 2, 2006 1:14 AM | Some feedback on the protection would be useful too. Anyone try to infect themselves after issuing the patch?
|
| spike on January 2, 2006 2:35 AM | actually, no - didn't think of that.
I'll get VMWare running in a moment and take a look.
|
| spike on January 2, 2006 3:21 AM | personally, I couldn't infect myself using the patch (in VMWare anyway) using MSIE.
|
| mentaljedi on January 2, 2006 8:39 AM | Apparently, the new Windows Vista is supposed to be much more advanced with security etc... but reports I've read show this not to necessarily be the case. MS has never been very good with security, and so I would recommend using this patch until Microsoft figure a way to fix the exploit rather than try to find a way around it. Attack is the best form of defence after all...
|
| luismigilbert on January 2, 2006 10:21 AM | Maybe this guy wrote the virus... I'm kidding... I think Microsoft is 100% focused on Vista... or maybe they are writing a new service pack and planning to include a patch for this in it...
|
| niti on January 3, 2006 9:56 AM | This hotfix upset my Windows XP Pro OS. During XP start, the screen looks as have a topsy-turvy and all colors. Therefore, I entered my system again in safe mode and uninstalled it. My graphics card is an ATI Radeon Mobility X700.
|
| arabic58 on January 3, 2006 12:12 PM | MS$ says that they will release an official patch on 10-Jan-2006. I'm on MS$'s side. They can't afford to jump on every bandwagon within 1 or 72 hours that comes across their desk. If this is so bad, turn off your MS$ computer so you won't get hit. If you have to use your MS$ computer, make sure you don't go to any questionable sites until after 10-Jan-06. What are you people worried about? Signed" XEN of the Linux user in Spring."
|



