Dan Posted January 2, 2006 Report Share Posted January 2, 2006 (edited) Hey everyone,I was reading a few days ago, and stumbled apon this:http://www.hexblog.com/2005/12/wmf_vuln.html#moreThis is a temporary patch which is approved by SANS. This is a needed thing, but is only temporary!When Microsoft Issues a patch, please use that one!Here are the technical details:this is a DLL which gets injected to all processes loading user32.dll.It patches the Escape() function in gdi32.dll. The result of the patch is that the SETABORT escape sequence is not accepted anymore.I can imagine situations when this sequence is useful. My patch completely disables this escape sequence, so please be careful. However, with the fix installed, I can browse files, print them and do other things.If for some reason the patch does not work for you, please uninstall it. It will be in the list of installed programs as "Windows WMF Metafile Vulnerability HotFix". I'd like to know what programs are crippled by the fix, please tell me.Also, take a look at this post over at Computer Trouble forums. It has a bunch of information, and is really helpful I believe that all of the sites that have HOSTS files are updating them so that the wmf exploit gets blocked.Danny Edited January 2, 2006 by Danny Quote Link to post Share on other sites
Dan Posted January 4, 2006 Author Report Share Posted January 4, 2006 Hexblog is down because of too much trafic... :xThe patch is hosted here: http://handlers.sans.org/tliston/wmffix_hexblog14.exeAnd CCops is going to host a board for Ilfak.... Quote Link to post Share on other sites
TheTerrorist_75 Posted January 5, 2006 Report Share Posted January 5, 2006 (edited) Pete_C posted this at G$.Lots of bad advice for critical WMF vulnerability!As they say, most of these recommended fixes are worthless, giving false sense of security.The best thing to do is turn on hardware DEP if your motherboard supports it and unregister the dll by going to start / run and typeregsvr32 /u shimgvw.dllThis disables the dll file being exploited so that it cannot happen. Then once microsoft releases the patch (new version of the dll) you just go and typeregsvr32 /i shimgvw.dllTo install and activate it. Edited January 5, 2006 by TheTerrorist_75 Quote Link to post Share on other sites
Dan Posted January 10, 2006 Author Report Share Posted January 10, 2006 Great news!!!A WMF Patch has been released!http://www.microsoft.com/athome/security/u...200601_WMF.mspxDanny Quote Link to post Share on other sites
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.