WMF patch is now available

Discussion in 'Dell' started by Jupiter Jones, Jan 5, 2006.

  1. Microsoft released the much anticipated WMF patch about an hour ago:
    http://www.microsoft.com/technet/security/bulletin/advance.mspx

    Before installing be sure to uninstall any 3rd party patches installed and
    undo any other work-a-rounds temporarily implemented.
    Reboot after installing to insure complete protection.
     
    Jupiter Jones, Jan 5, 2006
    #1
    1. Advertisements

  2. Jupiter Jones

    Quaoar Guest

    Use Windows Update.

    Q
     
    Quaoar, Jan 6, 2006
    #2
    1. Advertisements

  3. Jupiter Jones

    Keith Guest

    Wow Jupiter, did you come up with this one on your own? Nobody in the world
    would have ever discovered this update if it had not been for you. I'll bet
    Microsoft consulted with you on this one.
     
    Keith, Jan 6, 2006
    #3
  4. Jupiter Jones

    Tom Scales Guest

    Boy you have a bad attitude. Do you scream obscenities at school crossing
    guards too?
     
    Tom Scales, Jan 6, 2006
    #4
  5. Keith;
    Nice attitude you have.
    You may know everything about vulnerabilities and fixes before everyone, but
    there are some that do not know all as you do.
    Since this is a major issue getting as lot of attention in newsgroups,
    lists, news media etc, I felt it a good idea to help spread the word.
    What are you doing to help?
     
    Jupiter Jones, Jan 6, 2006
    #5
  6. Well, I appreciate your posting about it. I passed the information along to
    some others whom I knew were interested so your bread has been cast upon the
    waters and spread about. May you live long and prosper.

    In Jupiter Jones <> stated
    | Keith;
    | Nice attitude you have.
    | You may know everything about vulnerabilities and fixes before
    | everyone, but there are some that do not know all as you do.
    | Since this is a major issue getting as lot of attention in newsgroups,
    | lists, news media etc, I felt it a good idea to help spread the word.
    | What are you doing to help?
    |
    |
    | || Wow Jupiter, did you come up with this one on your own? Nobody in the
    || world would have ever discovered this update if it had not been for
    || you. I'll bet Microsoft consulted with you on this one.
     
    Joan F \(MI\), Jan 6, 2006
    #6
  7. Jupiter Jones

    Notan Guest

    Keith's goal, in life, is to annoy the folks in various newsgroup.

    From that standpoint, he's quite the success story.

    On behalf of the rest of us, thanks for the latest, breaking info!

    Notan
     
    Notan, Jan 6, 2006
    #7
  8. and those of us with an ounce of common sense downloaded Ilfak
    Guilfanov's patch over a week ago because Microsoft could'nt be arsed
    to release a patch before the second Tuesday of the month.

    Oh, but stung into action by fierce criticism and threats of lawsuits,
    they had a change of heart.

    Monkeys.
     
    Alex Flaherty, Jan 6, 2006
    #8
  9. Jupiter Jones

    Brando Guest

    And what exactly is a "WMF" ?! Jeez, I hope it's not porn!

    ;o)
     
    Brando, Jan 6, 2006
    #9
  10. Jupiter Jones

    Notan Guest

    Don't worry, your porn collection is safe. <g>

    WMF = Microsoft Windows Metafile

    (For more info, see http://tinyurl.com/brghc.)

    Notan
     
    Notan, Jan 6, 2006
    #10
  11. It a graphics file format. Windows Meta File. Been around a long time.

    In Brando <> stated

    | And what exactly is a "WMF" ?! Jeez, I hope it's not porn!
    |
    | ;o)
     
    Joan F \(MI\), Jan 6, 2006
    #11
  12. Jupiter Jones

    Ben Myers Guest

    WMF is the Windows Metafile Format, a vector-oriented graphics file format that
    has been around since the earliest days of Windows. Leave it to the dunderhead
    Microsoft software "architects" (billg is chief architect!) to design a graphics
    DATA file format which allows the execution of program code embedded within it.
    Those of us who cut our teeth on punched cards and paper tape all have learned
    the foolishness of intermixing data and program code. So have some of the
    relative newbies to the software development trade. But Micro$oft? Hell, no.

    It is somewhat amazing that it has taken someone so many years (I went to a
    Windows 1.01 programming seminar back in '85 or '86, was it?) to figure out that
    WMFs can be used to infect computers with viruses, worms and their friends.

    If your porn consists of WMFs, you are at serious risk. :)

    .... Ben Myers
     
    Ben Myers, Jan 6, 2006
    #12
  13. Are you sure this is true? IIRC, the current bugfix is in the
    rendering software for WMF files, which (surprise!) has a buffer
    overflow vulnerability.
     
    William P.N. Smith, Jan 7, 2006
    #13
  14. Jupiter Jones

    Ben Myers Guest

    According to one respected analyst, the WMF has provision to include a callback
    address to executable code... Ben Myers
     
    Ben Myers, Jan 7, 2006
    #14
  15. No, the patch testing finished ahead of schedule.
    Patch Tuesday was never the driving force.
    It just happened that the projected release date accounting for development
    and testing was also patch Tuesday.
    But the critics will believe what they choose, usually following the
    negative line.
    And yet there are still those criticizing Microsoft for releasing the patch
    to quickly without adequate testing.
    Again Microsoft gets it from those who think it is to quick and to late all
    on the same patch.
    Sometimes it is impossible to win.
     
    Jupiter Jones, Jan 7, 2006
    #15
  16. Jupiter Jones

    Ben Myers Guest

    What ye sow is what ye reap. Micro$oft has placed itself in a no-win situation
    vis a vis security with its consistently poor software programming practices
    (See: Buffer OverRun) and overly complicated, constantly changing software
    architecture... Ben Myers
     
    Ben Myers, Jan 7, 2006
    #16
  17. Jupiter Jones

    Hank Arnold Guest

    IMNSHO, MS was forced into this situation of having security problems by the
    user community. They were forced over and over again to maintain backward
    compatibility whenever they released a new OS. Look at how long it took to
    get "real" DOS out of the code.

    Wonder what the reaction would have been if they released XP and said that
    it would only run programs written for it and that W2K and W9x programs
    would not run?? Check out what happened to OS/2 when IBM decided to not
    support W98 programs under OS/2 Warp...............

    Patch Tuesday was a direct result of pressure from corporate and individual
    users to stop patching on a random basis. I remember that MS was praised
    when they made that change.. Now they are the "Evil Empire" again...

    I'm no MS fan (and less of a Bill Gate one), but I think they are getting
    the short end of the stick on this one....
     
    Hank Arnold, Jan 8, 2006
    #17
  18. Jupiter Jones

    Ben Myers Guest

    Nope. The whole design of Windows has been a house of cards going back to
    Windows 1.03. This is the most complicated software design ever. I won't let
    billg of the hook so easily. Micro$oft has never been forced to do anything
    significant. It has always been Micro$oft driving the industry, which becomes
    apparent when one speaks with industry insiders off the record. There was one
    and only one reason to carry forward DOS compatibility. To do otherwise would
    have damaged billg's revenue stream and opened up the clear possibility for
    another operating system to become a viable competitor. No. This DOS
    compatibility stuff was in the long-range plan, ever since billg hired Dave
    Cutler away from DEC to do Windows NT. Deve was the chief architect of DEC's
    VMS. It is no coincidence that the WNT letters are each one greater than VMS in
    hex notation... Ben Myers
     
    Ben Myers, Jan 8, 2006
    #18
  19. Careful programming isn't forced on anyone, it's either part of your
    business practices or it isn't. M$ code has _always_ been quick and
    dirty, and now the chickens have come home to roost in the form of
    buffer overflows _everywhere_, and it's a monumental task (on the
    order of rewriting everything from scratch) to patch the broken bits
    (and then patch the patches, rinse lather repeat).

    Maybe the "user community" forced it on them by not demanding good
    coding practices (however they would have done that), but I don't have
    a lot of sympathy for the MicroSloth programmers. Sure, the users put
    up with buggy code, but that's not much of an excuse.

    Solutions? I doubt there are any.
     
    William P.N. Smith, Jan 8, 2006
    #19
  20. In Hex? Wha?
     
    William P.N. Smith, Jan 8, 2006
    #20
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.