A Revolution is the Solution

I agree PG. M$ always need a follow on. At least it is better than nothing.
AndyAtHull | Homepage | 01.03.06 - 6:40 pm | #

grrrrrrrrr i dislike the idea of the software patch mostly due to the fact that it Smacks of the OOOPS
we should have thought of that
turn of mind
milligansghost | 01.03.06 - 6:46 pm | #

Bad enough to fear the malware, then have to fear the 'fix'.

Kinda like chemotherapy. *rolls eyes*
Deb | 01.03.06 - 8:56 pm | #

A new Windows exploit is spreading rather fast and by design is rather difficult to prevent. Since it spreads through graphics files (WMF data structures within files labelled .wmf,.jpg,.png,.gif,.bmp), you can be affected by email,web or MSN. Exploit code has been in the wild since Dec 27th 2005.
:-/ true false or just Crazy??
milligansghost | 01.03.06 - 9:42 pm | #

been told this is a patch not so sure
"wmffix_hexblog13.exe"
milligansghost | 01.03.06 - 9:43 pm | #

Gravatar Hi!

Yes this is true. You can find this fix and a checker tool mirrored at CC:

http://castlecops.com/a6437- HAZA...RITY_ALERT.html -> Hotfix
http://castlecops.com/a6438- Hot_...ty_Checker.html -> Checker Tool

I havent got the authors Link at hand, but it seems that site is heavily overloaded with requests anyway. Go to the Sunbelt Blog to find an alternate download link.

Brgds from Germany,

Johannes
Yourhighness | Homepage | 01.03.06 - 10:02 pm | #

Gravatar Hi!

Just a quick note before midnight

The Hexblog Site seems to have some severe problems, so CC is hosting a special forum in the mean time, with download links etc...

Link: http://castlecops.com/f212-Hexblog.html

Thanks to Alex Eckelberry from the Sunbelt Blog for pointing it out at his Blog.

Cheers and good nite,

Johannes
Yourhighness | Homepage | 01.03.06 - 11:05 pm | #

Gravatar The official patch has been leaked.

They finished it, and are testing it. (keep in mind that the equivalent QA department of open source is Linus cracking whips)

I think the whole exploit is blown out of perspective anyway. They populate the same sites that even as I type host CVE-2002 exploits. Most sites only refer to one or two master sites with the actual code.

Besides, not everyone updates. Those who don't usually get new service packs and updates when they buy a new computer.
redxii | 01.04.06 - 2:51 am | #

Gravatar New computers need updating, too. In my experience, they never have all the updates.

SANS isn't too happy with Microsoft right now.

http://isc.sans.org/diary.php?st...hp? storyid=1011
suzi | Homepage | 01.04.06 - 3:26 am | #

Gravatar suzi, people are going to bitch anyway when the patch breaks something and they released it right this minute. "IT staffers" bitched about unpredictable releases. So "IT staffers" should admit to Microsoft that they were wrong and say "You got a patch, we want it anyway even though you haven't tested it."

Then they'll bitch about a new revision of the same patch because they wanted it immediately and MS/other parties were unable to catch a problem before it got released the first time.

"You make the choice." The choice had been made a very long time ago: Wait until (this time) during the month to receive a patch.
redxii | 01.04.06 - 4:50 am | #

Gravatar As far as this whole shebang goes, I still think what I thought originally: potentially very bad exploit, nowhere near as utilised by the evil uberhackers as it should have been by this point.

yes, we do have to wait till the 10th but the internet community hasn't keeled over and died yet. I'm still seeing more hoohah than anything else.
Paperghost | 01.04.06 - 6:41 am | #

Name:

Email:

URL:

Comment:  ? 

 

Commenting by HaloScan