S
s|b
From <http://www.hexblog.com> (where an unofficial patch - with MD5
checksum - has been available for a couple of days now):
<quote>
Download WMF vulnerability hotfix
The hotfix for the WMF vulnerability can be downloaded from any of the
following URLs:
* http://www.grc.com/miscfiles/wmffix_hexblog14.exe
* http://handlers.sans.org/tliston/wmffix_hexblog14.exe
*
http://castlecops.com/modules.php?name=Downloads&d_op=getit&lid=496
* http://csc.sunbelt-software.com/wmf/wmffix_hexblog14.exe
* http://www.antisource.com/download/wmffix_hexblog14.exe
* http://hexblog.axmo12.de/wmffix_hexblog14.exe
* http://www.dsinet.org/files/wmffix_hexblog14.exe
* http://lab.nsl.it/wmffix_hexblog14.exe
The MD5 checksum of the file is 15f0a36ea33f39c1bcf5a98e51d4f4f6.
MSI repackages can be downloaded here:
* http://accentconsulting.com/wmf.shtml by Brian Higgins (MD5:
a5108c0fa866101d79bb8006617641ee)
* http://handlers.sans.org/tliston/WMFHotfix-1.1.14.msi by Evan
Anderson (MD5: 0dd56dac6b932ee7abf2d65ec34c5bec)
* http://hexblog.axmo12.de/WMFHotfix-1.1.14.msi by Evan Anderson
(MD5: 0dd56dac6b932ee7abf2d65ec34c5bec)
The WMF vulnerability checker can be downloaded from the following
URLs:
* http://www.grc.com/miscfiles/wmf_checker_hexblog.exe
*
http://castlecops.com/modules.php?name=Downloads&d_op=getit&lid=495
* http://csc.sunbelt-software.com/wmf/wmf_checker_hexblog.exe
* http://www.antisource.com/download/wmf_checker_hexblog.exe
* http://hexblog.axmo12.de/wmf_checker_hexblog.exe
The MD5 checksum of the file is ba65e1954070074ea634308f2bab0f6a.
A discussion forum is open here. It has courteously been offered by
CastleCops.
A FAQ is available here.
Due to incredibly high load, the page has been reduced to the bare
minimum.
Thanks for understanding.
Safe computing!
Ilfak Guilfanov
</quote>
A
Art
But not for Win 9X/ME ... which was the point of my post. I've already
posted what you posted here in a different thread.
Art
http://home.epix.net/~artnpeg
?
=?ISO-8859-1?Q?=BBQ=AB?=
Thanks, Art!
S
s|b
My bad. I was under the impression that the patch from Ilfak Guilfanov
worked for all versions of Windows (and I must have missed that other
thread...).
S
Sietse Fliege
»Q« said:
Thanks to both of you, »Q« and Art.
Much obliged.
J
jacaranda
Ditto that!
C
Clif Notes
Art said:
Today at work we saw our first casualty due to the WMF exploit. One of
my co-workers was foolishly searching for and downloading screen
savers. Fortunately our IS department noticed the infected machine
probing our intranet. The machine was taken offline and given a
complete wipe. My co-worker will now spend a good part of tomorrow
re-loading all the special software they were running. It's a hard
lesson, but not nearly as hard to take as the chuckles around the water
cooler. LOL
I'm guessing it will be a while before they load any screen savers.
Based on what I saw today, I went out and loaded this patch from NOD32.
I had seen the earlier Russian patch and found it would not work on my
WinME machines. This one has the added feature of having a valid
uninstaller that can be accessed from the add-remove panel.
Thank you for posting the link Art, good job.
Have fun!
Clif
http://freewarewiki.pbwiki.com & http://clifnotes.tk
Devoted to promoting Freeware and Free Information
C
Clif Notes
Art said:
Cool, just checked out your site Art. Just added you to my links page.
http://freewarewiki.pbwiki.com/ClifsLinks
Nice little programs. Well done!
A