Jan Ole Peek

WMF Exploit Fix

Turns out that there’s been a pretty gross exploit discovered in all versions of Windows that allows a corrupted image file to run arbitraty code on the user’s system. In other words, that nude picture of Jessica Alba may be deleting your harddrive and charging tattoos to your credit card! See the link below for a fix.

Security Now! Notes for Episode #20
It would seem that we can be pretty certain that Microsoft will have this WMF vulnerability mess cleaned up shortly. Microsoft’s cryptographically signed and authentic (though perhaps not final), security update addressing this vulnerability has prematurely leaked onto the Internet.

As expected, Ilfak’s WMF vulnerability suppression patch, and his WMF vulnerability testing utility, both interact smoothly and seamlessly with Microsoft’s forthcoming official security update. Ilfak’s code can be left running while installing Microsoft’s security update, then safely removed forever once the system has rebooted from the update.

Also, Ilfak’s vulnerability tester properly recognizes the system’s true WMF vulnerability condition under every combination of patch installations (either Ilfak’s, Microsoft’s, both, or neither). So, you may use Ilfak’s solutions with confidence while Microsoft completes their extensive compatibility and regression testing for this forthcoming security update. Once the update is ready, install Microsoft’s update, then safely remove Ilfak’s patcher.

1 Comment

Leave a Comment