Just a short issue to give you an update on the WMF exploit and patch following our newsletter late last week. With that done, we’ll get back to the rest of our vacation!
We’ve published Office Watch from some strange places over the years but this one is truly amazing. Both this issue and the previous one were created off the Galapagos Islands on a wonderful ship (Celebrity Expedition) with satellite Internet access.
We hope you all had a good Christmas / New Year break too.
WMF EXPLOIT FIXED
Microsoft moved more quickly than they had previously announced and released a fix for the now infamous WMF exploit late in the week.
The fix is tiny and was ‘pushed’ out to anyone who has Windows Automatic Updates running. It requires a restart of your computer.
But you’re forgiven for not knowing that the patch offered had anything to do with the problem that had many people worried. In a typical piece of Microsoft obfuscation, there was no obvious reference to the ‘WMF’ problem in the title and description of the patch.
For the record, the patch labeled “Vulnerability in graphics rendering engine could allow remote code execution” is really the WMF Exploit patch.
Though there is a page headed “Security update for WMF vulnerability”.
WMF EXPLOIT PATCH DETAILS
If you want to deploy the update within a company or just don’t trust Windows Automatic Update then you can go here for links to the stand-alone patches for various versions of Windows including Windows Server releases.
Network admins can use Systems Management Server or Microsoft Baseline Security Analyzer (v 1.2.1 or v2) to ensure computers have the patch installed.
If you want to double-check the presence of the patch on an individual machine without those services you have two choices:
- Run Windows Update (in IE Tools | Windows Update) and install any critical updates suggested. If there’s none then you know the patch is already installed.
- Go to Control Panel | Add / Remove Programs and check the box ‘Show updates’ if available. Scroll down to the long list of Windows updates and make sure there’s one listed for KB912919.
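The same check can be scripted for one machine or a short list of them. This is an added example, not from the original newsletter or from Microsoft; it assumes Windows PowerShell 3.0 or later with the `Get-HotFix` cmdlet on the machine running it, and the function name `Test-WmfPatch` is made up for illustration.

```powershell
# Added example: report whether the WMF patch (KB912919, as named in the text)
# is recorded on each host. Assumes Windows PowerShell 3.0+ with Get-HotFix;
# Test-WmfPatch is a hypothetical helper name.
function Test-WmfPatch {
    param(
        [string[]]$ComputerName = @($env:COMPUTERNAME),
        [string]$HotFixId = 'KB912919'
    )
    foreach ($computer in $ComputerName) {
        $status = 'Missing'
        $installedOn = $null
        $detail = $null
        try {
            # Fetch the whole hotfix list and filter locally, so that
            # "query failed" and "patch not listed" stay distinguishable.
            $match = Get-HotFix -ComputerName $computer -ErrorAction Stop |
                Where-Object { $_.HotFixID -eq $HotFixId } |
                Select-Object -First 1
            if ($match) {
                $status = 'Installed'
                $installedOn = $match.InstalledOn
            }
        }
        catch {
            # Unreachable host, access denied, WMI error: do not count the
            # machine as patched or unpatched; flag it for a manual check.
            $status = 'Unknown'
            $detail = $_.Exception.Message
        }
        [pscustomobject]@{
            Computer    = $computer
            HotFixId    = $HotFixId
            Status      = $status
            InstalledOn = $installedOn
            Detail      = $detail
        }
    }
}

# Check the local machine; pass -ComputerName with a list to audit several.
Test-WmfPatch | Format-Table -AutoSize
```

A machine reported as `Unknown` should be checked by hand with one of the two methods above rather than assumed to be patched.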
For users of Windows 98, 98SE or ME: Microsoft does not consider the problem sufficiently ‘critical’ to justify a patch for these older operating systems. This is strange because Microsoft has defined the problem as ‘critical’ themselves. Microsoft has a lot of jargon and weasel words but it boils down to “you’re on your own”.
Much the same goes for Windows NT and Windows 2000 (SP3 and before) users.
Have a look at the FAQ section on this page for the official Microsoft position.
Unofficial and unsupported patches have been available from various web sites, especially before the Microsoft patch was released. Some readers asked why we didn’t recommend these patches in our last newsletter. We’re extremely reluctant to suggest using any unofficial patch, especially one from an unknown source that we’ve not been able to test ourselves. We’re cautious for ourselves and our readers in suggesting a ‘cure’ that may be worse than the original disease.
Given the potential for infection simply by viewing a WMF image on a web site or email, we suggest you get this update asap.