WMF patch

Fred Heutte aoxomoxoa at sunlightdata.com
Wed Jan 4 21:36:53 UTC 2006


More info.  This seems pretty reasonable:

http://castlecops.com/a6445-WMF_Exploit_FAQ.html

Steve Gibson is also mirroring Guilfanov's bypass, and says 
Microsoft's cryptographically signed but unreleased patch 
is floating around the net now:

http://www.grc.com/sn/notes-020.htm

In my reading this is a serious vulnerability, but the self-
inflating agitation in the "security community" has reached 
a highly annoying level.  I'm in the FTDT (fix the damn thing)
school; let's deal with it and get on with it.  Every cycle spent 
moaning about the faults of Microsoft is a lost opportunity 
for something more productive.

Back to /usr/lurk . . .

regards,

Fred

-----------------
>
>On Wed, 4 Jan 2006, Brance Amussen wrote:
>
>> 
>> Howdy, 
>> Here is the link to the unofficial patch creator's site.
>> http://www.hexblog.com/ This is the one SANS links to. 
>> SANS seems to be having a hard day.. No DShield mailings today either..
>> Isc.sans.org is sporadic as well.. 
>
>According to isc.sans.org, hexblog.com was down due to bandwidth issues 
>earlier. See the isc.sans.org homepage for details on alternate ways to 
>get to it.
>




More information about the NANOG mailing list