Microsoft to release “official” WMF patch – TODAY [updated]

for whatever reason (i wonder… .. … ….. ..) microsoft decided to release the “official” wmf patch today, ahead of schedule:
http://www.microsoft.com/technet/security/bulletin/advance.mspx

we will see how it differs from ilfak’s.

but as a friend said.. there are still 2 critical vulnerabilities to be released next black tuesday.

[updates] from matthew murphy:

according to my msrc source, the patch has hit wu now. the bulletin is
up as we speak:

http://www.microsoft.com/technet/security/bulletin/ms06-001.mspx

my tests indicate the updates are up as well:

windows 2000 sp4

http://www.microsoft.com/downloads/details.aspx?familyid=aa9e27bd-cb9a-4ef1-92a3-00ffe7b2ac74

windows xp sp1/sp2

http://www.microsoft.com/downloads/details.aspx?familyid=0c1b4c96-57ae-499e-b89b-215b7bb4d8e9

windows xp x64 edition

http://www.microsoft.com/downloads/details.aspx?familyid=3a1166e6-5e9e-4e73-bcd4-28eca6ece877

windows server 2003

http://www.microsoft.com/downloads/details.aspx?familyid=1584aae0-51ce-47d6-9a03-db5b9077f1f2

windows server 2003 for itanium

http://www.microsoft.com/downloads/details.aspx?familyid=6e372d41-2c16-415e-8306-a5ca8845cc09

windows server 2003 x64 edition

http://www.microsoft.com/downloads/details.aspx?familyid=a8f4dcba-5d28-4d9d-a6a4-3b71108cfe2d

there is *no patch* for windows 98, windows 98 se, or windows me at this
time.

a quick study of the bulletin reveals this from the faq:

“specifically, the change introduced to address this vulnerability
removes the support for the setabortproc record type from the
meta_escape record in a wmf image. this update does not remove support
for abortproc functions registered by application setabortproc() api calls.”

so, iow, it’s the same functionality as in ilfak’s patch, minus the hook.


gadi evron,
ge@beyondsecurity.com.
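
The bulletin FAQ quoted above locates the fix in one record type: a META_ESCAPE record whose escape function is SETABORTPROC. As an added example (not code from this post, the bulletin, or either patch), this Python scanner walks a WMF record list and reports such records. The record layout and the constants 0x0626 and 0x0009 are taken from the published WMF format rather than from this page, and `build_sample` constructs a harmless test file.

```python
import struct

PLACEABLE_MAGIC = 0x9AC6CDD7   # optional 22-byte placeable header in front of the WMF header
META_ESCAPE = 0x0626           # record function number of META_ESCAPE
SETABORTPROC = 0x0009          # escape function the update stops honouring inside images

def find_setabortproc(data: bytes) -> list[int]:
    """Return byte offsets of META_ESCAPE records whose escape function is SETABORTPROC."""
    pos = 0
    if len(data) >= 4 and struct.unpack_from("<I", data, 0)[0] == PLACEABLE_MAGIC:
        pos = 22
    if len(data) < pos + 18:
        raise ValueError("truncated WMF header")
    _type, header_words = struct.unpack_from("<HH", data, pos)
    if header_words != 9:
        raise ValueError("not a standard WMF header")
    pos += header_words * 2
    hits = []
    while pos + 6 <= len(data):
        # Each record: 32-bit size in 16-bit words, 16-bit function, then parameters.
        size_words, function = struct.unpack_from("<IH", data, pos)
        if size_words < 3 or function == 0:   # malformed size or META_EOF: stop walking
            break
        if function == META_ESCAPE and pos + 8 <= len(data):
            (escape,) = struct.unpack_from("<H", data, pos + 6)
            if escape == SETABORTPROC:
                hits.append(pos)
        pos += size_words * 2
    return hits

def _record(function: int, params: bytes = b"") -> bytes:
    """Serialise one record (constructed test data helper)."""
    return struct.pack("<IH", (6 + len(params)) // 2, function) + params

def build_sample(with_escape: bool) -> bytes:
    """Constructed sample: header, optional escape record carrying zero bytes, META_EOF."""
    body = b""
    if with_escape:
        body += _record(META_ESCAPE, struct.pack("<HH", SETABORTPROC, 4) + b"\x00" * 4)
    body += _record(0x0000)
    header = struct.pack("<HHHIHIH", 1, 9, 0x0300, (18 + len(body)) // 2, 0, 7, 0)
    return header + body

if __name__ == "__main__":
    print(find_setabortproc(build_sample(True)))
```

The walk stops at the first META_EOF or malformed record size, so an empty result on a malformed file is inconclusive rather than clean.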
