Critical: Microsoft Release WMF Vulnerability Patch

SpinnerSpinner Birmingham, UK
edited January 2006 in Science & Tech
Following up from this report, Microsoft have now released an official fix for the WMF Vulnerability in Windows. The update was expected January 10th, but it would appear Microsoft decided that the update was too important to just sit on the shelf until patch day. The update is available from Microsoft Update or directly from the security bulletin.

Download: Windows 2000 SP4 (599KB)
Download: Windows XP (711KB)
Download: Windows XP x64 (1.1MB)
Download: Windows Server 2003 (715KB)
Visit: Microsoft Update
View: Microsoft Security Bulletin MS06-001
Does this update contain any security-related changes to functionality?
Yes. The change introduced to address this vulnerability removes the support for the SETABORTPROC record type from the META_ESCAPE record in a WMF image. This update does not remove support for ABORTPROC functions registered by application SetAbortProc() API calls.
Thanks Shwaip

Source: Microsoft

Comments

  • EMTEMT Seattle, WA Icrontian
    edited January 2006
    Neat, maybe it's giving them too much credit, but maybe MS only said Tuesday with the intent of releasing it earlier so worm writers and the like thought they'd have that time.
  • SpinnerSpinner Birmingham, UK
    edited January 2006
    EMT wrote:
    Neat, maybe it's giving them too much credit, but maybe MS only said Tuesday with the intent of releasing it earlier so worm writers and the like thought they'd have that time.
    Interesting point.
Sign In or Register to comment.