UPDATE: January 5, 2006
Microsoft has moved the release of their patch ahead to today:
WMF Microsoft Patch
The patch listed below is no longer necessary (as far as I know), but the other info is useful.
Remember to uninstall the previous patch before you use the new one.
If you read the Windows Zero Day WMF Exploit then I am letting you know that you might be able to go online again.
I just got back in town last night and so I am catching up on the info. I have some links from the Internet Storm Center at sans.com have som
They have been posting regularly about it in their diary, but it is easy for the recent links to drop and be lost.
I have gathered them here:
- A big WMF Exploit FAQ (A Must Read)
- An explanation of workarounds and patches
- An easy to use .msi Hotfix installation file (uninstallable through Add/Remove Programs)
- Information about how the WMF exploit is being used
- A plea for using the patches
It looks as though Microsoft may not be releasing a patch fomr Win98 or WinMe. Someone else may, but this may urge people to move on.
Added: You can get the original .exe file from http://www.hexblog.com/, the site is doing better since it was taken down to bare html and load balanced.
0 Responses to “Zero-Day WMF Exploit Patch”