Businesses Urged To Use Unofficial Windows Patch
frankie writes "ZDNet is reporting on the latest dire pronouncements about the WMF vulnerability. The problem is so serious that security experts are urging IT firms to use the unofficial patch. Microsoft's current goal is to release the update on Tuesday." From the ZDNet article: "This is a very unusual situation -- we've never done this before. We trust Ilfak, and we know his patch works. We've confirmed the binary does what the source code said it does. We've installed the patch on 500 F-Secure computers, and have recommended all of our customers do the same. The businesses who have installed the patch have said it's highly successful." It's big enough that even mainstream media is covering the flaw.
Does MS view this as important? (Score:5, Interesting)
It brings interesting schemes into my mind. Oh don't mind me, I'm just going to grab my tin foil hat.
Re:Does MS view this as important? (Score:4, Interesting)
block wmf (Score:2, Interesting)
MS has to test very extensively (Score:5, Interesting)
In some cases, particularly when the Internet Explorer browser is involved, the testing process "becomes a significant undertaking," Toulouse said. "It's not easy to test an IE update. There are six or seven supported versions and then we're dealing with all the different languages. Our commitment is to protect all customers in all languages on all supported products at the same time, so it becomes a huge undertaking."
Re:Does MS view this as important? (Score:2, Interesting)
F-Secure are publicity sluts (Score:2, Interesting)
Also, the quote in the headline is from F-Secure recommending installation of the 3rd party patch, not from ZDNet as the headline may lead you to believe.
Whoa, that's really bizarre (Score:5, Interesting)
This article isn't anything like the one that I submitted.
Mine looked more like this (body content from memory):
What will be especially interesting... (Score:4, Interesting)
It would be deliciously muddying for Microsoft if someone discovered significant parts of the unofficial patch in the official one.
avast (Score:2, Interesting)
Exploit to fix the exploit? (Score:3, Interesting)
It's good to see that Microsoft is keeping things consistent in this new year. As an administrator, I was worried I would have to learn something new. Rinse, lather, patch, repeat.
Re:Watch the video! - COOL! (Score:3, Interesting)
My company already used the unofficial patch... (Score:3, Interesting)
Re:block wmf (Score:5, Interesting)
Note the key difference between an OS (your example) and a browser (reality).
What happens when the official patch comes out? (Score:4, Interesting)
Re:MS workaround (Score:1, Interesting)
shimgvw.dll calls gdi32.dll's Escape() function using SETABORTPROC. How many other dlls do the same? (The unofficial patch is supposed to ignore that parameter when Escape() is called.) How many other parameters allow for similar exploits?
And just try to run a Windows machine with gdi32 unregistered... look ma, no graphics!
This sucks, big time.
Re:Bullshit. (Score:3, Interesting)
Early on, I distinctly remember using WMF, mostly because I assumed something with Windows in the name would have better support from Word and the operating system. Presumably other users made the same mistake.
Will we be opening old documents and finding the images broken if this patch disables part of the MS WMF parsing ability?
Re:Does MS view this as important? (Score:4, Interesting)
"Oh, what a horrible situation -- we could issue our own fix that we've written to help you out, MS -- it's ready to go, we know it works -- but due to the DMCA, Trusted Computing, numerous restrictive MS EULAs and the general legal climate you and other large proprietary software vendors have created, we are genuinely afraid to release our change, as it has required us to disassemble, reverse-engineer and generally do things that you would sue us for. Sorry. Good luck to your *own* patch team."
Why, from a moral standpoint, should anyone help MS do their QA? They certainly have proven themselves willing to sue anyone for any number of reasons relating to reverse-engineering their code -- after all, their philosophy is that no one outside of their teams should know about the OS internals in this way.
They can't have it both ways -- either welcome the users' rights to improve the system they paid for, or don't.
(Yes, I realize that this patch was made to benefit the public in general, and to defend everyone's systems, not directly to benefit MS. But MS does get a free lunch out of this, in some respects.)
Re:Typical non-tech media distort-o-fest. (Score:2, Interesting)
Legacy apps will break (Score:3, Interesting)
I have witnessed first hand how Guilfanov's unofficial patch [hexblog.com] will break some legacy apps. The one in question was a 16-bit app (based on Access 2.0). After applying the patch, it was impossible to print some forms (we received an error). Sure, we uninstalled the patch and printing was OK again.
So therefore the interesting thing about the upcoming Microsoft patch is, how are they going to patch the hole without breaking the legitimate uses of the affected gdi functions???
Re:Are you kidding? (Score:2, Interesting)
shimgvw.dll does not exist on Win 3.1/95/98/NT 4.0 (Score:1, Interesting)
Naturally, the dll and the file association exist on Windows XP. (I copied NT 4's File Manager over to verify that it opens with rundll32.)
Does anyone know if older versions of Windows are impacted in any way? Is there a Proof Of Concept out there that I can use to verify?
Re:The problem is... (Score:3, Interesting)