Olive Branch Optimism
what a wonderful world...
Friends
Abu KhaleelAnarki 13
Asterism
Aunt Najma
Baghdad Treasure
Chikitita
Faiza Al-Araji
HNK (Moslawi Girl)
Iraq The Model
Iraqi Roses
Khalid Jarrar
Konfused Kid
Mama (Emotions)
Miraj
Mix Mode Max
Morbido
Nadia
Neurotic Wife
Rasheed's World
Riverbend
Sunshine
Twenty Four Steps
Who Was There??
Why Dubai???
Zappy
Archives
April 2005May 2005
June 2005
July 2005
August 2005
September 2005
October 2005
November 2005
December 2005
January 2006
February 2006
March 2006
April 2006
May 2006
June 2006
July 2006
August 2006
September 2006
November 2006
December 2006
January 2007
February 2007
March 2007
July 2007
October 2007
November 2007
December 2007
March 2008
April 2008
Tuesday, January 03, 2006
THE FIX
Go download this fix an install it! NOW!
Any IMAGE file on the ENTIRE INTERNET COULD CONTAIN A VIRUS. YOUR SYSTEM IF YOU ARE RUNNING ANY WINDOWS VERSION FROM 3.0 UPWARD IS VULNERABLE (until you install said patch).
Here is the story courtesty of http://www.hexblog.com/ - thank god for independant coders *gets on his Knee's and says a prayer thanking Ilfak Guilfanov for his quick reaction.
Windows WMF Metafile Vulnerability HotFix
This week a new vulnerability was found in Windows:
http://www.microsoft.com/technet/security/advisory/912840.mspx
Browsing the web was not safe anymore, regardless of the browser. Microsoft will certainly come up with a thouroughly tested fix for it in the future, but meanwhile I developed a temporary fix - I badly needed it.
The fix does not remove any functionality from the system, all pictures will continue to be visible. You can download it here:
http://www.hexblog.com/security/files/wmffix_hexblog14.exe
It should work for Windows 2000, XP 32-bit, XP 64-bit, and Windows Server 2003.
Technical details: this is a DLL which gets injected to all processes loading user32.dll.
It patches the Escape() function in gdi32.dll. The result of the patch is that the SETABORT escape sequence is not accepted anymore.
I can imagine situations when this sequence is useful. My patch completely disables this escape sequence, so please be careful. However, with the fix installed, I can browse files, print them and do other things.
If for some reason the patch does not work for you, please uninstall it. It will be in the list of installed programs as "Windows WMF Metafile Vulnerability HotFix". I'd like to know what programs are crippled by the fix, please tell me.
I recommend you to uninstall this fix and use the official patch from Microsoft as soon as it is available.
The fix can be applied in the automatic mode using the following command line:
wmffix_hexblog14.exe /VERYSILENT /SUPPRESSMSGBOXES
These switches do not suppress dialog boxes about installation errors.
The /LOG="file" switch can be added to the command line to create a log file.
The usual software disclaimer applies...
File: wmffix_hexblog14.exe (the source code is included)
UPD: more error checking
UPD: Version 1.1 with Win2000 support
UPD: Version 1.2: if the hotfix has already been applied to the system, inform the user at the second installation attempt.
UPD: Version 1.3: added support for Windows 2000 SP4
UPD: added information about silent mode
UPD: comments are turned off to save the bandwidth. if you know how to organize discussion, please contact me.
UPD: Version 1.4: completely silent mode, suitable for use in the scripts (see this entry for more details)
There is no need to reinstall anything!
Old hotfixes are perfectly ok.
Posted by Ilfak Guilfanov on December 31, 2005 06:53 AM
Go download this fix an install it! NOW!
Any IMAGE file on the ENTIRE INTERNET COULD CONTAIN A VIRUS. YOUR SYSTEM IF YOU ARE RUNNING ANY WINDOWS VERSION FROM 3.0 UPWARD IS VULNERABLE (until you install said patch).
Here is the story courtesty of http://www.hexblog.com/ - thank god for independant coders *gets on his Knee's and says a prayer thanking Ilfak Guilfanov for his quick reaction.
Windows WMF Metafile Vulnerability HotFix
This week a new vulnerability was found in Windows:
http://www.microsoft.com/technet/security/advisory/912840.mspx
Browsing the web was not safe anymore, regardless of the browser. Microsoft will certainly come up with a thouroughly tested fix for it in the future, but meanwhile I developed a temporary fix - I badly needed it.
The fix does not remove any functionality from the system, all pictures will continue to be visible. You can download it here:
http://www.hexblog.com/security/files/wmffix_hexblog14.exe
It should work for Windows 2000, XP 32-bit, XP 64-bit, and Windows Server 2003.
Technical details: this is a DLL which gets injected to all processes loading user32.dll.
It patches the Escape() function in gdi32.dll. The result of the patch is that the SETABORT escape sequence is not accepted anymore.
I can imagine situations when this sequence is useful. My patch completely disables this escape sequence, so please be careful. However, with the fix installed, I can browse files, print them and do other things.
If for some reason the patch does not work for you, please uninstall it. It will be in the list of installed programs as "Windows WMF Metafile Vulnerability HotFix". I'd like to know what programs are crippled by the fix, please tell me.
I recommend you to uninstall this fix and use the official patch from Microsoft as soon as it is available.
The fix can be applied in the automatic mode using the following command line:
wmffix_hexblog14.exe /VERYSILENT /SUPPRESSMSGBOXES
These switches do not suppress dialog boxes about installation errors.
The /LOG="file" switch can be added to the command line to create a log file.
The usual software disclaimer applies...
File: wmffix_hexblog14.exe (the source code is included)
UPD: more error checking
UPD: Version 1.1 with Win2000 support
UPD: Version 1.2: if the hotfix has already been applied to the system, inform the user at the second installation attempt.
UPD: Version 1.3: added support for Windows 2000 SP4
UPD: added information about silent mode
UPD: comments are turned off to save the bandwidth. if you know how to organize discussion, please contact me.
UPD: Version 1.4: completely silent mode, suitable for use in the scripts (see this entry for more details)
There is no need to reinstall anything!
Old hotfixes are perfectly ok.
Posted by Ilfak Guilfanov on December 31, 2005 06:53 AM
0 Comments:
About
Me
Name::olivebranch
From::Perth, Western Australia, Australia
More Stuff