If geeks love it, we’re on it

Critical: Microsoft Release WMF Vulnerability Patch

Critical: Microsoft Release WMF Vulnerability Patch

Following up from this report, Microsoft have now released an official fix for the WMF Vulnerability in Windows. The update was expected January 10th, but it would appear Microsoft decided that the update was too important to just sit on the shelf until patch day. The update is available from Microsoft Update or directly from the security bulletin.

Download: [b]Windows 2000 SP4[/b] (599KB)
Download: [b]Windows XP[/b] (711KB)
Download: [b]Windows XP x64[/b] (1.1MB)
Download: [b]Windows Server 2003[/b] (715KB)
Visit: Microsoft Update
View: Microsoft Security Bulletin MS06-001

Does this update contain any security-related changes to functionality?
Yes. The change introduced to address this vulnerability removes the support for the SETABORTPROC record type from the META_ESCAPE record in a WMF image. This update does not remove support for ABORTPROC functions registered by application SetAbortProc() API calls.

[i]Thanks [b]Shwaip[/b][/i]

Source: Microsoft

Comments

  1. EMT
    EMT Neat, maybe it's giving them too much credit, but maybe MS only said Tuesday with the intent of releasing it earlier so worm writers and the like thought they'd have that time.
  2. Spinner
    Spinner
    EMT wrote:
    Neat, maybe it's giving them too much credit, but maybe MS only said Tuesday with the intent of releasing it earlier so worm writers and the like thought they'd have that time.
    Interesting point.

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!