Educause Security Discussion mailing list archives

Re: Jan 10 is the Microsoft stated release date for a WMF page -- was : what is your advice to your users


From: "Brawner, David" <dbrawner () MARYVILLE EDU>
Date: Tue, 3 Jan 2006 13:15:33 -0600

Here at Maryville, we took a proactive approach and decided that it was
better to inconvenience our users a little than to get hacked by an
exploit of this vulnerability.  We distributed the "regserv32 -u..."
command that Microsoft refers to in the "Suggested Actions" section of
the security advisory.  We pushed it out silently to all of our
workstations through our Novell Zenworks application distribution
system.

We have tested and found that we can successfully reverse the effects
with the same command (without the -u) once the patch is available.  We
are also informing our users of this vulnerability and the actions we
have taken.

So far, everything has gone well.  We have had only a few calls
regarding the user's inability to open JPG and WMF files by
double-clicking on them. 


David S. Brawner
Manager of Network & User Services
Maryville University of Saint Louis
 

-----Original Message-----
From: H. Morrow Long [mailto:morrow.long () YALE EDU] 
Sent: Tuesday, January 03, 2006 6:17 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Jan 10 is the Microsoft stated release date for a
WMF page -- was : what is your advice to your users

On Jan 2, 2006, at 4:24 PM, Sadler, Connie wrote:
Does anyone know how close we are to a patch from Microsoft? ...
Anybody have some status?

January 10 (one week from today) is Microsoft's goal for a patch.

The following was posted today on the updated MS advisory page (
http://www.microsoft.com/technet/security/advisory/912840.mspx )

Microsoft Security Advisory (912840)
Vulnerability in Graphics Rendering Engine Could Allow Remote Code
Execution.
Published: December 28, 2005 | Updated: January 3, 2006

On Tuesday, December 27, 2005, Microsoft became aware of public reports
of malicious attacks on some customers involving a previously unknown
security vulnerability in the Windows Meta File (WMF) code area in the
Windows platform.

Upon learning of the attacks, Microsoft mobilized under its Software
Security Incident Response Process (SSIRP) to analyze the attack, assess
its scope, define an engineering plan, and determine the appropriate
guidance for customers, as well as to engage with anti-virus partners
and law enforcement.

Microsoft confirmed the technical details of the attack on December 28,
2005 and immediately began developing a security update for the WMF
vulnerability on an expedited track.

Microsoft has completed development of the security update for the
vulnerability. The security update is now being localized and tested to
ensure quality and application compatibility. Microsoft's goal is to
release the update on Tuesday, January 10, 2006, as part of its monthly
release of security bulletins. This release is predicated on successful
completion of quality testing.
...
