Re: Unofficial WMF fix gets thumbs up by SANS.org and NIST.org
- From: "Quaoar" <quaoar@xxxxxxxxxxxxxxx>
- Date: Wed, 4 Jan 2006 04:53:51 -0700
NIST.org wrote:
> The SANS recommended hotfix (by: Ilfak Guilfanov) intercepts calls to
> the exploitable program routines in the vulnerable shimgwv.dll file.
> It completely mitigates any threat from this vulnerability. No need
> to run Microsoft suggested unregister command but it doesn't hurt to
> do so (belt and suspenders is what SANS called it).
>
> My only problem with this fix is that its not very enterprise
> friendly. It requires installation on every machine through
> non-automated processes (yes, you can automate an install yourself)
> and should be uninstalled after Microsoft releases their fix.
>
> The latest exploit kits being circulated allows creation of WMF files
> with varying signatures. This was intended to make detection by
> IDS/IPS and antivirus programs much harder or impossible. So this
> unofficial hotfix maybe all we have at the moment.
>
> You can download the hotfix and read more at http://www.NIST.org
> Check back often for updates or subscribe to the NIST.org RSS feed.
Ilfak's site is up again, http://www.hexblog.com/ or
http://216.227.222.95/ since the server has changed. The latest SANS
logs are here http://isc.sans.org/diary.php?storyid=1013
.
- References:
- Unofficial WMF fix gets thumbs up by SANS.org and NIST.org
- From: NIST.org
- Unofficial WMF fix gets thumbs up by SANS.org and NIST.org
- Prev by Date: your opinion about security
- Next by Date: Re: Doubleclick Penetrates Firefox on Xandros Linux
- Previous by thread: Unofficial WMF fix gets thumbs up by SANS.org and NIST.org
- Next by thread: Re: Unofficial WMF fix gets thumbs up by SANS.org and NIST.org
- Index(es):
Relevant Pages
|
