New Patch for Windows

hi
whilst scanning the web, I came across this link to a new patch for Windows, apparently we all need it.
Must admit, I have not downloaded myself yet, wanted more info from the IT bods in here first.
http://www.hexblog.com/2005/12/wmf_vuln.html
stevannie
 
My advice? Don't download *any* 'windows updates' unless they come directly from the Microsoft site. That file could easily be a Trojan and I strongly recommend you don't touch it.

If there is any real need for a patch, Microsoft will release one themselves.
 
I would have to agree here, trusted sites and all that.
When it comes to Windows there is only one that you should download from ;)
 
me too agree, Microsoft only for updates, and even then I still get grief, Service Pack 2 was a nightmare.
 
As mentioned - if it ain't an official Microsoft fix, from a Microsoft site, don't touch it. It will not be fully tested and there's no guarantee it does, or only does, what it claims.
 
Oooh No - that'll be a nasty one.
Only from Microsoft and even then check it - there was a spoof Microsoft update last month doing the rounds.
 
I set windoze update automatically, nice and easy then!
 
Matty said:
I set windoze update automatically, nice and easy then!

Dear god, have you no shame?
First Internet Exploder, now you tell us you have Windows Update to automatically install everything it wants?

Next you'll be telling us you listen to the Microsoft Word 'Clippit''s suggestions. :p
 
Marcel said:
Dear god, have you no shame?
First Internet Exploder, now you tell us you have Windows Update to automatically install everything it wants?
Um... you actually get to choose 'Express' or 'Custom' install. It doesn't install anything without asking you first. :)
 
GfK said:
Um... you actually get to choose 'Express' or 'Custom' install. It doesn't install anything without asking you first. :)


you don't get any of those features if you can't register your version of XP Pro, lol

MyPix:suspect1:
 
MyPix said:
you don't get any of those features if you can't register your version of XP Pro, lol

MyPix:suspect1:
There's only one reason you wouldn't be able to register your version of WinXP, so I think we better stop that conversation right there.
 
If you can't register your version of XP pro, you just need to look a bit harder for your serial number.
 
Marcel said:
Original link has gone, but I was sure it linked to a Microsoft Patch anyway.

That said, there *is* a new vulnerability in windows.

http://www.microsoft.com/technet/security/advisory/912840.mspx
And I think that was what the original link was referring to.
The original link did indeed point to that Microsoft page. However, the patch itself was hosted on hexblog.com, not on microsoft.com.

Microsoft has completed development of the security update for the vulnerability. The security update is now being localized and tested to ensure quality and application compatibility.... ...The update will be released worldwide simultaneously in 23 languages for all affected versions of Windows once it passes a series of rigorous testing procedures. It will be available on Microsoft’s Download Center, as well as through Microsoft Update and Windows Update. Customers who use Windows’ Automatic Updates feature will be delivered the fix automatically.

Nowhere does it say "get it from hexblog.com" :)
 
Ahh with me remembering the link to Microsoft, I thought the link was to the patch itself.
 
It does all sound very fishy, especially considering hexblog account has now been suspended.

Unless info comes from a trusted source, i.e. Microsoft, NTBugtraq or something similar, don't even bother, it's just a waste of time.
 
CriPPle said:
Unless info comes from a trusted source, i.e. Microsoft

Even then I wait until it's been thoroughly tested by scores of other users / guinea pigs before I let it even near my system.

It's amazing to think of the amount of Microsoft's work I 'undo' when I install windows on my machine.
By that I mean disabling services, tweaking here and there to make it a better OS.
And I've had a number of 'hotfixes' that have completely buggered up my machine :D
 
Steve said:
SP2 :whistle2:

Nah I waited a long while before I took the plunge with SP2 ;)
It was mainly a few fixes before SP2 and I think there was a couple before SP1 too (both of which ended up integrated into the respective service packs, just fixed)
 
Ok let me dispel a few of the rumours here - the Hexblog site is run by the person that discovered the flaw, and is legit. However, while the unofficial patch will do the job it is strongly recommended that you uninstall the patch before installing Microsoft's version.

Microsoft (as usual) will take weeks to release a fix for this vulnerability - the release date is expected to be on the 10th of Jan

I would highly recommend people to install this unofficial patch while waiting for the version from Microsoft, and to follow normal best practice of updating your Anti-Virus definition files on a daily basis and being wary of files attached to emails, although this exploit can run even by viewing a webpage with an infected file embedded!

More information can be taken from SANS http://isc.sans.org/diary.php?rss&storyid=992

And http://www.sophos.co.uk/pressoffice/news/articles/2006/01/wmfexploit.html
 
MyPix said:
you don't get any of those features if you can't register your version of XP Pro, lol

MyPix:suspect1:

Automatic updates still work tho ;)

Turn them on in the control panel>automatic updates
 
hi guys
I realised that the blog was not linked directly to Microsoft, it was just that this chap had noticed a vulnerability in Windows XP, and notified them of it, but meanwhile had written his own patch.
In yesterday's Daily Mail there was a half a page spread on this vulnerability, and Microsoft are to release a patch within a month.
 
Windows Automatic Update installed this patch (KB912919) on both my PCs today.
 
GfK said:
Windows Automatic Update installed this patch (KB912919) on both my PCs today.

That's very interesting indeed. It would seem this patch was leaked onto the web this morning and then all existence was removed again.

The file seems to be named WindowsXP-KB912919-x86-ENU.exe but is nowhere to be found now....
 
evilowl said:
That's very interesting indeed. It would seem this patch was leaked onto the web this morning and then all existence was removed again.

The file seems to be named WindowsXP-KB912919-x86-ENU.exe but is nowhere to be found now....
It wasn't leaked:

http://news.bbc.co.uk/1/hi/technology/4587434.stm

[edit] The patch can be found here for anyone still having problems.
 
Mine's updated and no longer seems to be vulnerable. Phew!
 