Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Survey: Wmf Vulnerablility


  • Please log in to reply
10 replies to this topic

#1 BanditFlyer

BanditFlyer

  • Members
  • 283 posts
  • OFFLINE
  •  
  • Local time:09:49 PM

Posted 04 January 2006 - 02:04 PM

I installed the patch and then had some second thoughts. Is the patch going to create problems?

So I thought I'd post a poll and find out how many of the people who know what they are doing have also installed the patch.

Here is a link with some discussion about the prs and cons of using unofficial patches:
http://www.sans.org/newsletters/newsbites/...sue=1&rss=Y#200

Edit: looks like I messed up with the poll. Oh well. In that case, please just hit the reply button

Edited by BanditFlyer, 04 January 2006 - 02:07 PM.


BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,934 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:49 AM

Posted 04 January 2006 - 02:18 PM

I installed used grinlers app...I feel good .says I'm clean...I wouldn't go out to get something that grinler posted for us to use..
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 BanditFlyer

BanditFlyer
  • Topic Starter

  • Members
  • 283 posts
  • OFFLINE
  •  
  • Local time:09:49 PM

Posted 04 January 2006 - 02:53 PM

I probably should've done that :thumbsup:

So, we've got one so far(because I'm guessing Grinlers app just repackages the unofficial patch???

Or did grinlers utility just unregister the thingy(that's a technical term!) that microsoft said to unregister?? Shame on me for not having the time to fully read up on this - it's been a busy week ).

Anyone else?

#4 Datababe

Datababe

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:12:49 AM

Posted 05 January 2006 - 01:04 PM

Ilfak's patch was pushed out at my work yesterday, surprisingly as they are usually cautious to the point of inertia about new technologies (it was only a few years ago I was still supporting some OS2 machines *cough*), and it promptly broke $Major_Marketing_App and had to be removed from the pcs which use that (luckily only a few). The push has been left running, though, so I guess the PHB's have decided the risk of breaking a few apps is the lesser of two evils (and considering the ad and junkware littered websites many of our users insist on frequenting, I have to agree).

I would have no qualms about installing Ilfak's patch on my home Windows XP machine, but I also have no motivation to do so. I can keep "Lazarus" offline until MS comes out with their patch, while "Velma" (my Cube), "Precious" (my Powerbook), and I watch the show from the safety of OSX. :thumbsup:

#5 Scarlett

Scarlett

    Bleeping Diva


  • Members
  • 7,479 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:As always I'm beside myself ;)
  • Local time:12:49 AM

Posted 05 January 2006 - 02:34 PM

I have not installed Ilfak's patch, but only because I run ME. If I was able to I would.

He is an admired member in the tech community. As a matter of fact his site was down this past Wednesday, citing bandwidth issues.
There lies your answer BanditFlyer. :thumbsup:
Also, the SANS Institute's Internet Storm Center recommends applying the patch, so....
An informative read: http://www.informationweek.com/software/sh...cleID=175801150
Excerpt:

While Microsoft has chosen to patch the WMF vulnerability during its normal Patch Tuesday download, this comes well after it should have. "They have historically released patches on special occasions, and this is clearly one of those occasions,"

I agree.
Pretty bad when ever a third party has to roll up his sleeves to do what M$ should of been doing all along.

Shame, shame. Shame's thier name.
Posted Image

#6 Dollyeyes

Dollyeyes

  • Members
  • 226 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Nottingham, England town!
  • Local time:06:49 AM

Posted 05 January 2006 - 02:58 PM

:inlove: Hi Scarlett? I have downloaded Ilfaks patch as per Grinler instructions...do Microsoft have theirs out yet then...and will they contact me ie. when i do an update on IE? I have kept Grinlers instructions regarding uninstalling and reinstalling the other...er..thingy he said to do.. :thumbsup: :flowers: sorry...me in blonde mode tonight!! Oh..and Happy New Year too...x

:trumpet: oops...just looked around and seen that Microsoft have indeedy released theirs today and have uninstalled Ilfaks patch and did the DLL thingy..(love my knowledge of computer speak I do!!)so apologies...should read more!!

Edited by Dollyeyes, 05 January 2006 - 03:39 PM.

Posted Image
Of all the things Ive lost...I miss my mind the most!

#7 Datababe

Datababe

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:12:49 AM

Posted 05 January 2006 - 07:45 PM

I asked on another forum if anyone was considering installing Ilfak's patch rather than the Microsoft one, permanently. I'm frankly on the fence as to which I feel more comfortable "trusting"...but I'll admit at this point I'm leaning in the former direction. A well respected programmer really pouring his all into his code and inviting everyone to check it out sways me more than a monopoly corporation scrambling to save face. :thumbsup:

#8 jgweed

jgweed

  • Staff Emeritus
  • 28,473 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Chicago, Il.
  • Local time:12:49 AM

Posted 05 January 2006 - 08:12 PM

Now that MS has been goaded into doing what it should have done in the first place, namely issueing a patch to a major security vulnerability in a timely manner, this question is rather moot.

All Windows users owe Ilfak an immense thanks both for his concern over the vulnerabilty, and by publishing it, his forcing MS to take some action. I also note that several commentators have also raised the question about MS's sluggishness after Ilfak published his solution.

Regards,
John
Whereof one cannot speak, thereof one should be silent.

#9 Scarlett

Scarlett

    Bleeping Diva


  • Members
  • 7,479 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:As always I'm beside myself ;)
  • Local time:12:49 AM

Posted 05 January 2006 - 08:21 PM

Ilfak Guilfanov is far from a household name.

But that may soon change as the Russian software developer's unauthorized Microsoft security patch is increasingly installed onto computers worldwide......



Why do you think your unofficial patch has been so popular with users?
I cannot tell for sure, but most likely because of my reputation as the author of IDA Pro disassembler...Second, the fix comes with the source code. This makes much easier to verify it--this is what exactly happened at the SANS Institute. The experts confirmed that the fix does exactly what it is supposed to do and approved it.


Full interview here:
http://news.com.com/Beating+Microsoft+to+t....html?tag=carsl

Edited by Scarlett, 05 January 2006 - 08:34 PM.

Posted Image

#10 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,934 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:49 AM

Posted 06 January 2006 - 01:42 AM

Microshaft probably pinched his to get their's out faster... IMHO :thumbsup:

Thank you Ilfak Guilfanov for your selfless efforts I owe you a dinner :flowers:
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#11 tos226

tos226

    BleepIN--BleepOUT


  • Members
  • 1,568 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:LocalHost
  • Local time:01:49 AM

Posted 15 January 2006 - 10:51 PM

All Windows users owe Ilfak an immense thanks both for his concern over the vulnerabilty, and by publishing it, his forcing MS to take some action. I also note that several commentators have also raised the question about MS's sluggishness after Ilfak published his solution.

Regards,
John

It's now history, isn't it? But for the record and the poll, I installed Ilfak's patch the day it came out. It installed well, It had CLEAR instruction about installing, uninstalling, and then after MS decided to slooooooooooooooowly follow suit of one HERO TO US all, it uninstalled cleanly. (I did not do the DLL tweaking, Ilfak explained it wasn't too good)

THANK YOU, ILFAK!! Way to go. Keep at it.

Hey, moderators, perhaps we should send this thread to Ilfak
:thumbsup:

Edited by tos226, 15 January 2006 - 10:53 PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users