New Patch for Windows

Hi,
Whilst scanning the web, I came across this link to a new patch for Windows; apparently we all need it.
Must admit, I have not downloaded it myself yet, wanted more info from the IT bods in here first.
http://www.hexblog.com/2005/12/wmf_vuln.html
stevannie
 

GfK

My advice? Don't download *any* 'windows updates' unless they come directly from the Microsoft site. That file could easily be a Trojan and I strongly recommend you don't touch it.

If there is any real need for a patch, Microsoft will release one themselves.
 
Steve
I would have to agree here, trusted sites and all that.
When it comes to Windows there is only one that you should download from ;)
 
I agree too, Microsoft only for updates, and even then I still get grief; Service Pack 2 was a nightmare.
 
As mentioned - if it ain't an official Microsoft fix from a Microsoft site, don't touch it. It will not be fully tested and there's no guarantee it does, or only does, what it claims.
 

Arkady

Oooh No - that'll be a nasty one.
Only from Microsoft and even then check it - there was a spoof Microsoft update last month doing the rounds.
 
matt
I set windoze update automatically, nice and easy then!
 

Marcel

> Matty said:
> I set windoze update automatically, nice and easy then!

Dear god, have you no shame?
First Internet Exploder, now you tell us you have Windows Update to automatically install everything it wants?

Next you'll be telling us you listen to the Microsoft Word 'Clippit''s suggestions. :p
 

GfK

> Marcel said:
> Dear god, have you no shame?
> First Internet Exploder, now you tell us you have Windows Update to automatically install everything it wants?

Um... you actually get to choose 'Express' or 'Custom' install. It doesn't install anything without asking you first. :)
 
> GfK said:
> Um... you actually get to choose 'Express' or 'Custom' install. It doesn't install anything without asking you first. :)

You don't get any of those features if you can't register your version of XP Pro, lol

MyPix:suspect1:
 

GfK

> MyPix said:
> You don't get any of those features if you can't register your version of XP Pro, lol
>
> MyPix:suspect1:

There's only one reason you wouldn't be able to register your version of WinXP, so I think we better stop that conversation right there.
 
Ian
If you can't register your version of XP pro, you just need to look a bit harder for your serial number.
 

GfK

> Marcel said:
> Original link has gone, but I was sure it linked to a Microsoft Patch anyway.
>
> That said, there *is* a new vulnerability in Windows.
>
> http://www.microsoft.com/technet/security/advisory/912840.mspx
> And I think that was what the original link was referring to.

The original link did indeed point to that Microsoft page. However, the patch itself was hosted on hexblog.com, not on microsoft.com.

> Microsoft has completed development of the security update for the vulnerability. The security update is now being localized and tested to ensure quality and application compatibility.... ...The update will be released worldwide simultaneously in 23 languages for all affected versions of Windows once it passes a series of rigorous testing procedures. It will be available on Microsoft’s Download Center, as well as through Microsoft Update and Windows Update. Customers who use Windows’ Automatic Updates feature will be delivered the fix automatically.

Nowhere does it say "get it from hexblog.com" :)
 

Marcel

Ahh with me remembering the link to Microsoft, I thought the link was to the patch itself.
 
CriPPle
It does all sound very fishy, especially considering hexblog account has now been suspended.

Unless info comes from a trusted source. i.e. Microsoft, NTBugtraq or something similar don't even bother, it's just a waste of time.
 

Marcel

> CriPPle said:
> Unless info comes from a trusted source. i.e. Microsoft

Even then I wait until it's been thoroughly tested by scores of other users / guinea pigs before I let it even near my system.

It's amazing to think of the amount of Microsoft's work I 'undo' when I install windows on my machine.
By that I mean disabling services, tweaking here and there to make it a better OS.
And I've had a number of 'hotfixes' that have completely buggered up my machine :D
 

Marcel

> Steve said:
> SP2 :whistle2:

Nah I waited a long while before I took the plunge with SP2 ;)
It was mainly a few fixes before SP2 and I think there was a couple before SP1 too (both of which ended up integrated into the respective service packs, just fixed)
 
Ok let me dispel a few of the rumours here - the Hexblog site is run by the person that discovered the flaw, and is legit. However, while the unofficial patch will do the job it is strongly recommended that you uninstall the patch before installing Microsoft's version.

Microsoft (as usual) will take weeks to release a fix for this vulnerability - the release date is expected to be on the 10th of Jan.

I would highly recommend people to install this unofficial patch while waiting for the version from Microsoft, and to follow normal best practice of updating your Anti-Virus definition files on a daily basis and being wary of files attached to emails, although this exploit can run even by viewing a webpage with an infected file embedded!

More information can be taken from SANS http://isc.sans.org/diary.php?rss&storyid=992

And http://www.sophos.co.uk/pressoffice/news/articles/2006/01/wmfexploit.html
 
> MyPix said:
> You don't get any of those features if you can't register your version of XP Pro, lol
>
> MyPix:suspect1:

Automatic updates still work tho ;)

Turn them on in Control Panel > Automatic Updates
 
OP
Boon
Hi guys,
I realised that the blog was not linked directly to Microsoft; it was just that this chap had noticed a vulnerability in Windows XP, and notified them of it, but meanwhile had written his own patch.
In yesterday's Daily Mail there was a half-page spread on this vulnerability, and Microsoft are to release a patch within a month.
 

GfK

Windows Automatic Update installed this patch (KB912919) on both my PCs today.
 
> GfK said:
> Windows Automatic Update installed this patch (KB912919) on both my PCs today.

That's very interesting indeed. It would seem this patch was leaked onto the web this morning and then all existence was removed again.

The file seems to be named WindowsXP-KB912919-x86-ENU.exe but is nowhere to be found now....
 
Mine's updated and no longer seems to be vulnerable. Phew!
 