« Colossal Cave Adventure | Main | Guinea Pig - The Other White Meat »
January 4, 2006
Apply 3rd Party patch to MS to prevent .wmf exploit
The idiots at Microsoft have hosed us this time. There's a known vulnerability out there that exploits the way Windows handles Meta files (.wmf files). Microsoft is fully aware of the problem, and is testing a fix, but doesn't plan to release it for another 7 days, in their normal monthly scheduled patch of 1/10/2005. The problem is that there are thousands of sites exploiting this vulnerability today, installing malicious programs like viruses and trojan horses, surreptitiously creating botnets of tens of thousands of compromised computers.
CNet is recommending that Windows users install a 3rd party fix provided by Ilfak Guilfanov, instead of waiting for MicroSoft to get their act together. I updated my computers just now. :)
Update: Corrected .wmv to .wmf files per comments.
Update 2: The idiots at Microsoft got the message. There's no reason for millions of Windows computers with a known vulnerability to sit around collecting viruses while Microsoft sits on a known and tested solution. The only reason they weren't releasing it was because they wanted to wait until the 2nd Tuesday of the month, because that's when they normally release their patches. Obviously, this was a wreckless approach to managing software. Today, Microsoft did an about face and released the patch 6 days earlier than they'd originally planned. If you followed the directions to install the unofficial patch, follow these directions to uninstall the unofficial patch after installing Microsoft's patch.
Posted by Peenie Wallie on January 4, 2006 at 2:23 AM
Comments
Or get this.
There's a known vulnerability out there that exploits the way Windows Media Player handles .wmv files.
FYI: The problem is with WMF -- Windows Meta Files -- not WMV -- Windows Media Video.
Posted by: Robert Racansky on January 4, 2006 at 7:10 PM