MetaFile Problems Continue..
The SANS Institute's Internet Storm Center (ISC) has raised the infocon level back to yellow, based on the metafile issues that were announced December 28. F-Secure has announced the discovery of using .jpeg attachments in email to propogate this virus/vulnerability and the irresponsible disclosure by FRIST.
There is a temporary patch that is being recommended by the ISC written by Ilfak Guilfanov that will mitigate the problem. The patch can be downloaded at http://handlers.sans.org/tliston/wmffix_hexblog14.exe.
You are still HIGHLY recommended to unregister the dll I listed on December 28th in addition to this patch.
SECURE YOUR COMPUTER. I will be testing it at home and will let post if there are any problems noticed.
Update - 1/3/06 - I have had no issue with the patch so far. Microsoft is scheduled to release their patch on 1/10/06, depending on the results of their testing. The patch put out by Ilfak can be easily uninstalled and should be when Microsoft releases their patch.
There is a temporary patch that is being recommended by the ISC written by Ilfak Guilfanov that will mitigate the problem. The patch can be downloaded at http://handlers.sans.org/tliston/wmffix_hexblog14.exe.
You are still HIGHLY recommended to unregister the dll I listed on December 28th in addition to this patch.
SECURE YOUR COMPUTER. I will be testing it at home and will let post if there are any problems noticed.
Update - 1/3/06 - I have had no issue with the patch so far. Microsoft is scheduled to release their patch on 1/10/06, depending on the results of their testing. The patch put out by Ilfak can be easily uninstalled and should be when Microsoft releases their patch.
posted by Kirk at 7:06 PM
0 Comments:
Post a Comment
<< Home