Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: WMF round-up, updates and de-mystification
From: gat0r <gat0r () toughguy net>
Date: Tue, 03 Jan 2006 18:16:57 +0100

If you are still running windows 98 or ME,  you are just plain wrong...

On 1/3/06 11:35 AM, "Nancy Kramer" <nekramer () mindtheater net> wrote:

Hello All,

I went to the patch site mentioned although I am currently running  a
version of Windows it supposedly cannot help.  Down loaded and ran the
vulnerability check program there expecting it to say that my system is
vulnerable.  Interestingly it said it was not vulnerable.  I run Free AVG
as my anti virus and a couple of updates came down today so possibly that
did something.  Just thought I would pass this along.

Might be interesting to try it with other unpatched or unpatcheable
versions of Windows running different types of anti virus.  Got a new
computer with XP Pro a few days ago so will patch that and work to move
into it sooner than I was planning.

I know quite a few home users who are still running Windows 98 and ME,
possibly many will be vulnerable.


Nancy Kramer
Webmaster http://www.americandreamcars.com
Free Color Picture Ads for Collector Cars
One of the Ten Best Places To Buy or Sell a Collector Car on the Web

At 03:28 AM 1/3/2006, Gadi Evron wrote:

Quite a bit of confusing and a vast amount of information coming from all
directions about the WMF 0day. Here are some URL's and generic facts to
set us straight.

The "patch" by Ilfak Guilfanov works, but by disabling a DLL in Windows.
So far no problems have been observed by anyone using this patch. You
should naturally check it out for yourselves but I and many others
recommend it until Microsoft bothers to show up with their own patch.

Ilfak is trusted and is in no way a Bad Guy.

You can find more information about it at his blog:

If you are still not sure about the patch by Ilfak, check out the
discussion of it going on in the funsec list about the patch, with Ilfak
Occasional information of new WMF problems keep coming in over there.

In this URL you can find the best summary I have seen of the WMF issue:
by the "SANS ISC diary" team.

In this URL you can find the best write-up I have seen on the WMF issue:
By Matthew Murphy at the "Securiteam Blogs".

Also, it should be noted at this time that since the first public
discovery of this "problem", a new one has been coming in - every day. All
the ones seen so far are variants of the original and in all ways the SAME
problem. So, it would be best to acknowledge them as the same... or we
will keep having a NEW 0day which really isn't for about 2 months when all
these few dozen variations are exhausted.

A small BUT IMPORTANT correction for future generations:
The 0day was originally found and reported by Hubbard Dan from Websense on
a closed vetted security mailing list, and later on at the Websense public
page. All those who took credit for it took it wrongly.

Thanks, and a better new year to us all,

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

No virus found in this incoming message.
Checked by AVG Anti-Virus.
Version: 7.1.371 / Virus Database: 267.14.11/219 - Release Date: 1/2/2006

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]