Educause Security Discussion mailing list archives

Re: WMF patch released


From: Theodore Pham <telamon () CMU EDU>
Date: Thu, 5 Jan 2006 16:19:35 -0500

On Thu, 5 Jan 2006, Jeni Li wrote:

A question came up from one of our desktop managers --

Has anyone found or discovered any info related to the consequences of
applying the official update with Ilfak's unofficial fix still
installed?  I know SANS is recommending uninstalling the unofficial fix
first, but with the way AD timings and WSUS timings work, the only way
to really guarantee that it happens in that order is to leave all of
your machines unprotected from all fixes for a considerable amount of
time (undeploy Ilfak's msi, wait a day or so, then approve the MS fix
via WSUS).

Jeni Li
Web/Systems Administrator
Arizona State University, at the Polytechnic campus

Now that the official patch is out, SANS has revised their recommendation.

See:

http://isc.sans.org/diary.php?&storyid=1019

You can leave the unofficial patch installed while letting the official
one apply.

Then uninstall the unofficial one, re-register shimgvw.dll, then reboot
just for good measure.

Some light testing on my part shows no problems with that procedure.

Ted Pham
Information Security Office
Carnegie Mellon University
