Educause Security Discussion mailing list archives

Re: WMF patch released

From: Ken Connelly <Ken.Connelly () UNI EDU>
Date: Thu, 5 Jan 2006 15:23:16 -0600

SANS' latest recommendation is to install the official patch, then
remove the unofficial.  I haven't personally tested, but am aware of
numerous others who have and this has worked without issue.

- ken

Jeni Li wrote:

A question came up from one of our desktop managers --

Has anyone found or discovered any info related to the consequences of applying the official update with Ilfak's unofficial 
fix still installed?  I know sans is recommending uninstalling the unofficial fix first, but with the way AD timings and WSUS 
timings work, the only way to really guarantee that it happens in that order is to leave all of your machines unprotected from 
all fixes for a considerable amount of time (undeploy Ilfak's msi, wait a day or so, then approve the MS fix via WSUS.

Jeni Li
Web/Systems Administrator
Arizona State University, at the Polytechnic campus

-----Original Message-----
From: Doug Pearson [mailto:dodpears () INDIANA EDU]
Sent: Thursday, January 05, 2006 1:52 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] WMF patch released

The link ...advance.mspx still (3:45 EST) doesn't have
web-download link to the fix - says that will be made
available at 2:00p PST. But the fix can be web-downloaded at:
http://www.microsoft.com/technet/security/Bulletin/MS06-001.mspx

At 03:25 PM 1/5/2006 -0500, David LaPorte wrote:

Microsoft has released the patch early.  I was able to pull it via
Windows Update:

http://www.microsoft.com/technet/security/bulletin/advance.mspx

David

--
David LaPorte, CISSP, CCNP
Security Manager, Network and Server Systems
Harvard University Information Systems
-----------------------------------------------
Email: david_laporte () harvard edu
PGP: 0x4DC3E508
     4A1F058DB2B32FEF10A14F6BD370A6AD4DC3E508


--
- Ken
=================================================================
Ken Connelly             Associate Director, Security and Systems
ITS Network Services                  University of Northern Iowa
email: Ken.Connelly () uni edu   p: (319) 273-5850 f: (319) 273-7373
It's much more important to know what you don't know than what you do know!

Current thread:

WMF patch released David LaPorte (Jan 05)
- <Possible follow-ups>
- Re: WMF patch released Sadler, Connie (Jan 05)
- Re: WMF patch released Doug Pearson (Jan 05)
- Re: WMF patch released Jeni Li (Jan 05)
- Re: WMF patch released Theodore Pham (Jan 05)
- Re: WMF patch released Todd Kisida (Jan 05)
- Re: WMF patch released Ken Connelly (Jan 05)