Educause Security Discussion mailing list archives
Re: Jan 10 is the Microsoft stated release date for a WMF page -- was : what is your advice to your users
From: Steve Worona <sworona () EDUCAUSE EDU>
Date: Tue, 3 Jan 2006 08:22:41 -0500
There's tons of press on the WMF exposure/exploit (still a slow time for other news) and blogs galore. This one appears to be better than most: http://blogs.technet.com/jesper_johansson/archive/2006/01/02/416762.aspx Steve -- Steven L. Worona Director of Policy and Networking Programs EDUCAUSE / 1150 18th St. NW suite 1010 / Washington, DC 20036 202-872-4200 x 5358 / 202-872-4318 fax / sworona () educause edu ----- At 7:17 AM -0500 1/3/06, H. Morrow Long wrote:
On Jan 2, 2006, at 4:24 PM, Sadler, Connie wrote:Does anyone know how close we are to a patch from Microsoft? ... Anybody have some status?January 10 (one week from today) is Microsoft's goal for a patch. The following was posted today on the updated MS advisory page ( http://www.microsoft.com/technet/security/advisory/912840.mspx ) Microsoft Security Advisory (912840) Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution. Published: December 28, 2005 | Updated: January 3, 2006 On Tuesday, December 27, 2005, Microsoft became aware of public reports of malicious attacks on some customers involving a previously unknown security vulnerability in the Windows Meta File (WMF) code area in the Windows platform. Upon learning of the attacks, Microsoft mobilized under its Software Security Incident Response Process (SSIRP) to analyze the attack, assess its scope, define an engineering plan, and determine the appropriate guidance for customers, as well as to engage with anti- virus partners and law enforcement. Microsoft confirmed the technical details of the attack on December 28, 2005 and immediately began developing a security update for the WMF vulnerability on an expedited track. Microsoft has completed development of the security update for the vulnerability. The security update is now being localized and tested to ensure quality and application compatibility. Microsoft's goal is to release the update on Tuesday, January 10, 2006, as part of its monthly release of security bulletins. This release is predicated on successful completion of quality testing. ...
Current thread:
- Re: Jan 10 is the Microsoft stated release date for a WMF page -- was : what is your advice to your users Steve Worona (Jan 03)
- <Possible follow-ups>
- Re: Jan 10 is the Microsoft stated release date for a WMF page -- was : what is your advice to your users jack suess (Jan 03)
- Re: Jan 10 is the Microsoft stated release date for a WMF page -- was : what is your advice to your users Brawner, David (Jan 03)
- Re: Jan 10 is the Microsoft stated release date for a WMF page -- was : what is your advice to your users Gary Flynn (Jan 03)