January 02, 2006

Windows WMF vulnerability patch is up. It's not official, but it could be a week or more before MS gets its collective thumb out of its collective ass and fixes the problem. Meantime, the consensus seems 100%: this patch is good, it is reversible, and it is necessary.

Via Metafilter's thread on the topic, which is chock-full of good info and links. Unregister the DLL as indicated in that thread. Folks, all indications are that this is very bad. As in, unprecedented bad. Fix it now. Anyone who recommends I "get a Mac" is welcome to send me a check for $2000 US so I can buy one. Otherwise, let's see if we can avoid that conversation for the 200th time.

  • Shitcock. Meant to link here, which has two links to the patch.
  • Anyone who recommends I "get a Mac" is welcome to send me a check for $2000 US so I can buy one. Otherwise, let's see if we can avoid that conversation for the 200th time. m'eh. YHBT.
  • From what I've read, there's no need to unregister the DLL if you use Guilfanov's patch.
  • Yeah, I've read both pro and con on that issue, but I figure better safe than sorry.
  • I've worked with these crapsacks before.
  • It seems to want to disable the Bonjour runtime in Windows if you have that installed.
  • Could someone use this exploit to correct the exploit? Could they make a .wmf file that has this fix, host it a imageshack or somewhere, and then post the .wmf on fark or somewhere else high traffic and allows image posts? If the exploit is so threatening, this fix would be just as threatening.
  • Thanks for the post MCT. Does anyone know if the patch works for win98? The link just seems to go straight to a .exe file with no description on what Windows variants it works for.
  • Incidentally is there anything out there that will scan a web page to see if it is contaminated? The reason I ask is that someone could post a FPP on Monkeyfilter maliciously that could infect anyone clicking on the web page. Gawd knows we've seen a few in the past week or so of dumbass spammers.
  • Yeah, some forums have even gone so far as to disable the posting of images completely until this is fixed.
  • It just boggles my mind that you'd allow an image file to execute fucking code. Rank that high on the list of Dickbrained Ideas.
  • What about the Da Vinci code?
  • Hm. Reading Dan Brown, or a 'sploded computer. Dan Brown, 'sploded computer. Dan Brown...
  • Rank that high on the list of Dickbrained Ideas. Amen to that. Although in their defense (can't believe I'm saying that but anyhow) the vulnerability seems to date back to Windows 3.0. The sins of the fathers etc....
  • The discussion thread on Meta is quickly turning into a pointless Mac-PC-Linux rant. Here is the Wikipedia article: "2005 WMF vulnerability" with the straight goods on this severe problem.
  • Although in their defense (can't believe I'm saying that but anyhow) the vulnerability seems to date back to Windows 3.0. I see that as part of the problem. Microsoft's borderline-insane devotion to backwards compatibility means we live with cruft and holes like this all the time. Whenever something like this happens (horrible latter-day consequences of some ancient harebrained design "feature" from early in the 20+ year history of MS Windows) I wish Microsoft actually had the balls to throw some of their considerable monopolist weight around, and fix the root of the problem even if it meant breaking old code. That kind of power should be a feature of a monopoly, but Microsoft keeps treating it as if it's a bug.
  • Where I work we're half Macs and half PCs. I'm on a Mac, as is the guy who sits next to me, but the gal two desks down is on a PC. All of our sales force is on PCs. And these people love to surf, sometimes to places you'd think people would never take a business computer to... well, it was nice having the internet at work while it lasted.
  • woo-hoo, i've just installed ubuntu on my pc using vmware player (which i found out about via a link on the mefi thread mentioned by mct above). this wmf exploit gave me the impetus i needed to finally check out ubuntu. well, it's also been a slow day at work. it sure is pretty in my brown ubuntu world. thanks mct!
  • You've got me curious about the vmware player too- I'm downloading their 'browser appliance'.
  • roryk, that's hilarious. I kept trying to go to ubuntu.com this morning to look for a live cd, and kept timing out.
  • i downloaded the vmware player (~30 MB) and the ubuntu distrib from the vmware site (~500 MB). install was very smooth. ubuntu took 2.5 GB of disk space. i haven't looked into how this is allocated. all told, it took about 45 minutes to get ubuntu up and running. for a quick and dirty linux install, it's quite impressive.
  • Question: I've installed the patch and the changed the registry. I'm pretty sure my comp's clean, but how can I be sexy sure? If this is an exploitation rather than a virus, would Avast! notice it? If not that, what should I be looking for to ensure that I'm okay? Please respond soon, as I've taken the advice of the Macolytes and am not sure how much longer I can keep my PC balanced on the guardrail of this balcony.
  • Not sure, how to be sure LLL. I've just stopped surfing on no-name sites, not going to click on any FPPs that point to nn sites, not clicking on any e-mails with attachments. Just sitting in front of my blank screen with a big bag of peanuts.
  • I wish Microsoft actually had the balls to throw some of their considerable monopolist weight around, and fix the root of the problem I'm thinking they don't even know about the problem to begin with. Do they actually do security audits on their old stuff? Anyhow, big egg on face for Mr Gates. Apple could get some nice upside out of this. Maybe they should announce a sale or something. I'd spring for a G4 if it cost less than Cdn$1500.
  • Thanks for the warning, anyway.
  • For roryk and Stan the Bat: I prefer Ubuntu myself, but if you'd like to try Suse with KDE 3.5 (the other major *nix desktop environment besides Gnome which Ubuntu uses by default) there's a preconfigured image for VMware Player newly available here.
  • Peanuts, StoryBored?!? In this day and age, I don't understand why people still eat goober peas. Their shells are weak, they're suceptible to Aspergillus flavus, there's allergies to worry about, and the last one always tastes bad. And yet people still cling to them. Why? As a satisfied hazelnut user, I can only shake my head and cluck my tongue at you, I'm afraid.
  • Hmmm, LLL. You've got a point. Actually what i have here is a can of mixed nuts. There's some hazel, brazil and cashews. But a good peanut, i gotta say is worth savoring.
  • I take it Microsoft hasn't released a patch for this yet. Now for the stoopit question: will I need to clean up all my PCs? Or just my home network? (with me as admin)
  • The Microsoft Security Response Center Blog (no update since 12-30-05)
  • Here's a page with the temporary hotfix.
  • They've update the Microsoft Security Response Center Blog. "...we really want to continue to urge customers not to visit unfamiliar or untrusted Web sites..." Way to take all the fun out of the internets! How am I supposed to find pictures of animals thinking clever things?
  • Given Microsoft's history of releasing patches and updates that do more harm than good and their air of befuddlement about this patch in paticular, I'm gonna hold off on downloading it for a while.
  • Yeah it's sort of the lesser of two evils