Re: WMF Exploit Patch Released

[Matthew Schiros <schiros () gmail com>]

According to Microsoft, WinNT4 and Win2k SP3 users are out of luck. 
Their reccomended "solution" is to upgrade your software to a
supported version.  Obviously, all this means is that they have no
solution at all, but this is hardly the first time that MS has stuck
it to WinNT4 users as part of an attempt to get them all moved over to
2k SP4.  As for the viability of disabling the DLL's in question,
while I haven't had any problems as a result of doing that on the 2k
boxes in the office, I haven't had the opportunity to test its impact
on NT systems.  That seems to be the only way of removing the exploit
from your machines though, and I'd be interested in knowing the
results of your attempts.


On 1/6/06, info () footvision com <info () footvision com> wrote:
> Hello Everyone,
>
> Unfortunately there are company who are still running NT4 and I was
> wondering which alternative do they have
>
> to face this security breach from the fact that Microsoft do not provide any
> patch for NT4 .
>
> Do they have to disable GDI32.DLL and WGDI32.DLL as suggested previously for
> SHIMGVW.DLL?
>
> Regards.
>
> Ernest Matos
>
> IT Security
>
>
> -----Original Message-----
>
> From: Matthew Schiros [mailto:schiros () gmail com]
>
> Sent: Thursday, January 05, 2006 10:51 PM
>
> To: security-basics () securityfocus com;
> bugtraq () securityfocus com
>
> Subject: WMF Exploit Patch Released
>
>
>
> Microsoft has released a patch for the WMF exploit a couple of days
>
> early, apparently due to a faster-than-expected testing process, and,
>
> at least I hope, some consumer pressure. It can be downloaded via
>
> Windows Update, or as a standalone install at:
>
> http://www.microsoft.com/technet/security/Bulletin/MS06-001.mspx
>
> As a note, it appears that all of the attempts to circumvent the
>
> problem via disabling SHIMGVW.DLL were irrelevant, and that those who
>
> discovered that GDI32.DLL and WGDI32.DLL were the culprits were
>
> correct.
>
> Happy crawling.
>
> Matt Schiros
>
> Web Developer
>
> Academic Superstore
>
> www.academicsuperstore.com
>
> ---------------------------------------------------------------------------
>
> EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
>
> The Norwich University program offers unparalleled Infosec management
>
> education and the case study affords you unmatched consulting experience.
>
> Tailor your education to your own professional goals with degree
>
> customizations including Emergency Management, Business Continuity Planning,
>
> Computer Emergency Response Teams, and Digital Investigations.
>
> http://www.msia.norwich.edu/secfocus
>
> ----------------------------------------------------------------------------

---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Tailor your education to your own professional goals with degree
customizations including Emergency Management, Business Continuity Planning,
Computer Emergency Response Teams, and Digital Investigations.

http://www.msia.norwich.edu/secfocus
----------------------------------------------------------------------------