|
I’m sure that everyone’s concerned with the WMF
exploit. Microsoft says that they’ll have a patch for the Jan 10th
rollout. If you don’t want to wait, there more info and a patch
available at http://isc.sans.org The text of their write up is: Tom Liston - Intelguardians Network
Intelligence, L.L.C. .MSI installer file for WMF
flaw available (NEW)
Published: 2006-01-03, For all of you corporate folk out
there, we now have a .msi installer file available for version 1.4 of Ilfak
Guilfanov's unofficial patch for the Windows .WMF flaw. A very big
"thank you" goes out to Evan Anderson of Wellbury Information
Services, L.L.C. for his diligent efforts to get this put together. Note:
Like Mr. Guilfanov's original patch, this will dump out not only Guilfanov's
source code, but also the code that Evan wrote to do the install from within
the .msi. Note also: We have reverse engineered and verified that
the installation/uninstallation code in the .msi does what it says it does and
nothing more. The wmfhotfix.dll installed is the binary equivalent of the
previously vetted version 1.4. |
