MS PATCH details plus URL's for download [was: Re: WMF Microsoft Patch is out]

Gadi Evron ge at linuxbox.org
Thu Jan 5 20:42:26 UTC 2006


Jerry Dixon wrote:
> FYI all, the Microsoft Official patch is out for WMF and available via Windows Update.

I took this from the funsec list:
Larry Seltzer-
http://www.microsoft.com/technet/security/bulletin/advance.mspx

"Microsoft originally planned to release the update on Tuesday, January 10,
2006 as part of its regular monthly release of security bulletins, once
testing for quality and application compatibility was complete. However,
testing has been completed earlier than anticipated and the update is ready
for release...

"Microsoft's monitoring of attack data continues to indicate that the
attacks are limited and are being mitigated both by Microsoft's efforts to
shut down malicious Web sites and with up-to-date signatures form anti-virus
companies.

"The security update will be available at 2:00 pm PT as MS06-001. "

-----

Matthew Murphy:
According to my MSRC source, the patch has hit WU now.  The bulletin is
up as we speak:

http://www.microsoft.com/technet/security/bulletin/ms06-001.mspx

My tests indicate the updates are up as well:

Windows 2000 SP4
http://www.microsoft.com/downloads/details.aspx?familyid=AA9E27BD-CB9A-4EF1-92A3-00FFE7B2AC74

Windows XP SP1/SP2
http://www.microsoft.com/downloads/details.aspx?familyid=0C1B4C96-57AE-499E-B89B-215B7BB4D8E9

Windows XP x64 Edition
http://www.microsoft.com/downloads/details.aspx?familyid=3A1166E6-5E9E-4E73-BCD4-28ECA6ECE877

Windows Server 2003
http://www.microsoft.com/downloads/details.aspx?FamilyId=1584AAE0-51CE-47D6-9A03-DB5B9077F1F2

Windows Server 2003 for Itanium
http://www.microsoft.com/downloads/details.aspx?FamilyId=6E372D41-2C16-415E-8306-A5CA8845CC09

Windows Server 2003 x64 Edition
http://www.microsoft.com/downloads/details.aspx?FamilyId=A8F4DCBA-5D28-4D9D-A6A4-3B71108CFE2D

There is *NO PATCH* for Windows 98, Windows 98 SE, or Windows Me at this
time.

A quick study of the bulletin reveals this from the FAQ:

"Specifically, the change introduced to address this vulnerability
removes the support for the SETABORTPROC record type from the
META_ESCAPE record in a WMF image. This update does not remove support
for ABORTPROC functions registered by application SetAbortProc() API calls."

So, IOW, it's the same functionality as in Ilfak's patch, minus the hook.



More information about the NANOG mailing list