Monday, January 02, 2006

Patching: WMF Exploit patch

With the risks surrounding the WMF exploit, combined with the fact that we haven’t seen a patch yet from Microsoft, Iifak Guilfanov of coded up a hotfix that seems to do the trick. Antivirus vendors are still pushing out definition updates that are effective against at least some of the exploits, but the patch over at hexblog has been dubbed the most-effective solution currently available.

Handlers at SANS ISC have looked through the code, and are strongly recommending that this unofficial patch be used until something more permanent is available from Microsoft – but until something more permanent"> nothing is expected until the next scheduled path-release date on January 10th.

The MSI file which would have made patching quite a bit easier has been pulled due to some type of problems, and as a result we’re left without a way to easily distribute the patch.

No comments: