also @ TechSpot: Google warns users infected with DNSChanger malware, provides help

Microsoft Official patch for WMF flaw released

By

On January 5, 2006, 3:08 PM EST

Microsoft just released the official patch for the WMF flaw, 5 days in advance from the "January Patch Tuesday". Go to Windows Update to download the patch, system administrators can use the redistributable version instead, available on this page along with additional information about the patch. If you installed Ilfak's unofficial patch you should probably uninstall it and reboot first.

No tags on this story

User Comments (18)

Post a comment
phantasm66
on January 5, 2006
3:09 PM
Excellent! Heading there now.

Reply

phantasm66
on January 5, 2006
3:18 PM
OK I just installed it. You need to reboot. After rebooting, I re-registered the dll with this command:regsvr32 %windir%system32shimgvw.dll...and turned Google Desktop back on.

Reply

Crofty74
on January 5, 2006
4:18 PM
Thanks for the heads up, popping over now.

Reply

luismigilbert
on January 5, 2006
4:59 PM
great work from microsoft...took a while but finally here...

Reply

PanicX
on January 5, 2006
5:07 PM
8 days after the first report of the exploit in the wild. Thats pretty good given Microsofts track record. I'm especially impressed that they didn't wait on the patch release cycle.

Reply

nathanskywalker
on January 5, 2006
5:09 PM
Pheww, was holding my breath there, well not really. Good that they got the update out, but Microsoft really should make windows update compatible with firefox...

Reply

krugger
on January 5, 2006
5:27 PM
[b]Originally posted by nathanskywalker:[/b][quote]Pheww, was holding my breath there, well not really. Good that they got the update out, but Microsoft really should make windows update compatible with firefox...[/quote][url]http://windowsupdate.62nds.com/[/url]
rd party site, works for me though.

Reply

Masque
on January 5, 2006
6:04 PM
I was surprised when I logged in this evening to see that sitting in my tray ready to run. Glad they pushed it out. I'm sure it wouldn't have been long before something came out to exploit this.

Reply

MonkeyMan
on January 5, 2006
8:04 PM
Its great that they came out with this new patch, and it should be useful to everyone that downloads it. I know I will be downloading it for sure.

Reply

brownpaper
on January 6, 2006
2:18 AM
[quote][b]Are Windows 98, Windows 98 Second Edition, or Windows Millennium Edition critically affected by one or more of the vulnerabilities that are addressed in this security bulletin?[/b]No. Although Windows 98, Windows 98 Second Edition, and Windows Millennium Edition do contain the affected component, the vulnerability is not critical because an exploitable attack vector has not been identified that would yield a Critical severity rating for these versions. For more information about severity ratings, visit the following Web site.[/quote]So, are the older versions of Windows vulnerable or not vulnerable? There is a vulnerabilty, but there is no way to attack this vulnerability? Huh? Wtf?

Reply

zachig
on January 6, 2006
4:13 AM
FINALLY. Thanks Microsoft.

Reply

Per Hansson
on January 6, 2006
6:25 AM
brownpaper; I think that if you have a third party app that uses the vulnerable dll's in Windows 98, heck, even 95 and 3.0 is vulnerable... But Microsoft does not want to fix them, as they do not include an application that can view wmf files on those OS'es... That's my take on it anyway...

Reply

Rage_3K_Moiz
on January 6, 2006
6:35 AM
A rare bout of good work from Microsoft's part.

Reply

asphix
on January 6, 2006
7:09 AM
Thanks for the info techspot! Going to push it out to our cleint PC's later this morning!This was much sooner than expected. A nice surprise from Microsoft for sure.

Reply

vnf4ultra
on January 6, 2006
7:50 AM
[b]Originally posted by phantasm66:[/b][quote]OK I just installed it. You need to reboot. After rebooting, I re-registered the dll with this command:regsvr32 %windir%system32shimgvw.dll...and turned Google Desktop back on.[/quote]I just did the same, except the page I read said to execute "regsvr32 shimgvw.dll", instead of "regsvr32 %windir%system32shimgvw.dll", what's the difference? It seemed to work when I did it.

Reply

asphix
on January 6, 2006
8:42 AM
Its the same command, just one is a short hand way of doing it. The first way is the method you would take if wanted more control over the exact .dll to install. The first way basically says "register this .dll in this folder" where the other one just says "register this .dll"For example, if you wanted to register a .dll that is in the "program filesapplication" directory you would type regsvr32 c:program filesapplicationthedll.dllregsvr32 = command to register a .dll with the OS%windir% = command for the windows Directory (sometimes Windows, sometimes winNT)

Reply

mentaljedi
on January 6, 2006
3:37 PM
I'm sure everyone is thinking "FINALLY!". And so am i. THank goodness. Microsoft... you took your time you really did.

Reply

Race
on January 8, 2006
7:23 PM
Just a reminder.......you need to re-register the related 'shimgvw.dll' file BEFORE installing the patch.

Reply

Browse more commented news

Post a new comment

Guest user

To post as an anonymous
user click here
.

Members

If you are a TechSpot member,
please login first.


By signing up you gain complete access to the TechSpot community. Join thousands of computer and technology enthusiasts that contribute and share knowledge in our forum. Post messages, get a private inbox, upload your own photo gallery and more.

Subscribe to TechSpot

Get free exclusive content, learn about new features and tech breaking news.