Linked by Thom Holwerda on Tue 3rd Jan 2006 23:13 UTC, submitted by Resolution
Microsoft has updated its advisory today on the critical Windows flaw to state that development of the patch is complete and that testing is now under way. The patch is expected on January 10, as part of Microsoft's monthly release of security bulletins. In the meantime, Microsoft advises against using a third-party fix which has appeared.
RE
by Kroc on Tue 3rd Jan 2006 23:34 UTC
Kroc
Member since:
2005-11-10

The slashdot coverage of the other side of this topic may be of interest: http://it.slashdot.org/it/06/01/03/1913252.shtml?tid=220&tid=109&ti...

From the ZDNet article: "This is a very unusual situation -- we've never done this before. We trust Ilfak, and we know his patch works. We've confirmed the binary does what the source code said it does. We've installed the patch on 500 F-Secure computers, and have recommended all of our customers do the same. The businesses who have installed the patch have said it's highly successful"

What do MS recommend instead then? Disable images in IE?

Reply Score: 2

RE
by JamesTRexx on Tue 3rd Jan 2006 23:49 UTC in reply to "RE"
JamesTRexx Member since:
2005-11-06

I can see their point of view, they want to make sure that a patch for this has been thoroughly tested before releasing it to the public.
The unofficial patch might break a critical system, or better said, might have a bigger chance of breaking something that hasn't been tested.

Reply Score: 3

RE
by Kroc on Wed 4th Jan 2006 00:02 UTC in reply to "RE"
Kroc Member since:
2005-11-10

500 computers of F-Secure themselves, isn't "tested". Feedback from other companies, too.

As a business you have the choice of mass internal infestation and potential security breach or loss of data. Or a patch that the AVers are using themselves.

Sure companies still use IE in the first place, but it's not all that easy for some to move away from it. (eg. Internal intranets and webapps)

Reply Score: 2

RE
by gonzo on Wed 4th Jan 2006 02:30 UTC in reply to "RE"
gonzo Member since:
2005-11-10

500 computers of F-Secure themselves, isn't "tested". Feedback from other companies, too.

So USE that one and stop crying, please.

BTW, 500 computers is not enough when you're talking about the system that gets deployed all over the world. My guess is that MS is waiting for "green light" from major Windows users/customers.

Microsoft can not recommend third party's patch, what is so wrong with that? You can still use it, it's not like you have to blindly listen to MS, do you?

Or disable the most direct attack vector (you know, regsvr32 -u..) and get your antivirus up to date. All major av vendors have delivered updates to address this. And it works.

Reply Score: 2

RE
by JamesTRexx on Wed 4th Jan 2006 07:38 UTC in reply to "RE"
JamesTRexx Member since:
2005-11-06

Except that those pc's and the reports of others don't mean anything if they haven't used all possible scenarios. Maybe it was just opening a file on 500 different pc's, whereas MS tests with all wmf capable software to put it simply. MS needs to be very sure before they get sued by someone because the patch broke down something and a kitten died. (to put it in extremes)

Reply Score: 2

RE
by jofallon on Wed 4th Jan 2006 15:45 UTC in reply to "RE"
jofallon Member since:
2005-11-15

Is it exceptionally likely that Microsoft will complete full regression testing on a patch conveniently in one week just in time to fit the pre-existing monthly patch schedule? Or perhaps they just want to keep to their schedule, no matter what.

Every patch breaks something; there's almost always tradeoffs. And MS is setting themselves up for not patching a known vulnerability as fast as possible, perhaps.

Reply Score: 1

RE
by JamesTRexx on Wed 4th Jan 2006 22:11 UTC in reply to "RE"
JamesTRexx Member since:
2005-11-06

It's possible. Even though I'm not very fond of MS I hope they take these security issues seriously and trust them not to screw this up intentionally.

Reply Score: 1

RE
by Quoth_the_Raven on Wed 4th Jan 2006 10:31 UTC in reply to "RE"
Quoth_the_Raven Member since:
2005-11-15

"The unofficial patch might break a critical system..."

Hate to break it to you, but the system is already critically broken.

Reply Score: 1

RE
by JamesTRexx on Wed 4th Jan 2006 22:14 UTC in reply to "RE"
JamesTRexx Member since:
2005-11-06

You're right in a way, and I try to keep away from Windows whenever possible, but the reality is that there are already systems running MS stuff which are critical to some people/companies. Might as well keep them as safe as is possible.

Reply Score: 1

RE
by ma_d on Wed 4th Jan 2006 02:40 UTC in reply to "RE"
ma_d Member since:
2005-06-29

Microsoft can't recommend using this patch because then they'd have to support it. They don't want to do that, and it's very understandable.

Reply Score: 2

What are they doing?
by LB06 on Tue 3rd Jan 2006 23:51 UTC
LB06
Member since:
2005-07-06

I don't really understand it either. Microsoft is saying that people should just 'wait' for a CRITICAL patch? How could MS sell that to its (corporate) customers? "You'll risk getting keylogged only one week. That's not a big problem, is it? I'm sure there's no sensitive data at all."

This is imho a really unprofessional attitude. What are they trying to do? Keep it out of the media? Making us believe that the vulnerability isn't critical? What, exactly?

Reply Score: 5

RE: What are they doing?
by RGCook on Wed 4th Jan 2006 00:45 UTC in reply to "What are they doing?"
RGCook Member since:
2005-07-12

Cmon LB06, isn't it reasonable to verify that the "cure isn't worse than the ailment"? I mean like, the analogy is clear - drugs are tested before they are released to folks with whatever it is they are intended to treat. What happens if an apparently functional patch is later found to bork some critical app/function/service only because it was not properly tested? Hell Fire for MS!

Like a desperate patient, if you feel as though you are on your last legs and are willing to take the risk, go for the untested solution. Good luck. Hope it doesn't kill ya man!

Reply Score: 2

This is so awkward...
by Anonymous! on Tue 3rd Jan 2006 23:53 UTC
Anonymous!
Member since:
2005-11-11

quotes from the advisory:
Upon learning of the attacks, Microsoft mobilized under its Software Security Incident Response Process (SSIRP) to analyze the attack, assess its scope, define an engineering plan, and determine the appropriate guidance for customers, as well as to engage with anti-virus partners and law enforcement.

Microsoft confirmed the technical details of the attack on December 28, 2005 and immediately began developing a security update for the WMF vulnerability on an expedited track.

Microsoft has completed development of the security update for the vulnerability. The security update is now being localized and tested to ensure quality and application compatibility. Microsoft's goal is to release the update on Tuesday, January 10, 2006, as part of its monthly release of security bulletins. This release is predicated on successful completion of quality testing.


So this means they disable setting the default user as a superuser? This means they abandon IE? Or this means they just patch one of possibly hundreds of exploitable bugs which lead to full control of a MS Windows XP default installation?

In addition, anti-virus companies indicate that attacks based on exploiting the WMF vulnerability are being effectively mitigated through up-to-date signatures.

So is it all about making money and not at all about improving security?

What might an attacker use the vulnerability to do?
An attacker who successfully exploited this vulnerability could take complete control of the affected system.


The user was only visiting a malicious web site, right? "So let's make a list of all malicious web sites in future implementations of MS IE" instead of fixing the underlying problems?

This is really ridiculous.

Reply Score: 5

RE: This is so awkward...
by gonzalo on Wed 4th Jan 2006 06:21 UTC in reply to "This is so awkward..."
gonzalo Member since:
2005-07-06

So is it all about making money and not at all about improving security?

Yep. Isn't it always?

Reply Score: 2

Bleh
by Timerever on Tue 3rd Jan 2006 23:58 UTC
Timerever
Member since:
2005-07-06

Yeah this is kinda dumb... just release the patch.
BTW is this a IE only exploit? I use Opera and I don't see pr0n sites that much (I have it all on my hard drive) so I'm safe (for now).

Reply Score: 1

RE: Bleh
by blixel on Wed 4th Jan 2006 01:53 UTC in reply to "Bleh"
blixel Member since:
2005-07-06

BTW is this a IE only exploit? I use Opera...

It affects IE, Opera, and "older versions" of Firefox. I don't know for certain which "older versions", but I assume at least FF 1.5 is in the clear.

Reply Score: 1

RE[2]: Bleh
by burtis on Wed 4th Jan 2006 03:10 UTC in reply to "RE: Bleh"
burtis Member since:
2005-11-15

Thanks for the advice about older versions of Firefox.

I run fedora 4, but since Saturday my system has been sluggish. I was running an older version of Firefox (1.06). I installed Firefox 1.5. Now everything seems to be back to normal. I think that is the first time I have been affected by a virus since coming to linux in 2001.

Is there anything else I need to do except delete out the old directory of firefox?

Reply Score: 1

RE[3]: Bleh
by unoengborg on Wed 4th Jan 2006 03:39 UTC in reply to "RE[2]: Bleh"
unoengborg Member since:
2005-07-06

I was under the impression that this was a windows only thing. So my guess is that the sluggishness you have experienced have some other reason.

Reply Score: 1

RE[4]: Bleh
by burtis on Wed 4th Jan 2006 04:02 UTC in reply to "RE[3]: Bleh"
burtis Member since:
2005-11-15

"I was under the impression that this was a windows only thing. So my guess is that the sluggishness you have experienced have some other reason."

That was what I thought too but blixel said, "It affects IE, Opera, and "older versions" of Firefox. I don't know for certain which "older versions", but I assume at least FF 1.5 is in the clear."

I upgraded to ff 1.5 and that was the only change I made and since then everything is back to normal. I have not even rebooted. Strange????

Is it possible the sluggishness was the result of a program running in the background whenever I ran ff1.06?

I just don't know but if anybody is experiencing sluggishness and they are running an older version of FireFox I suggest they try upgrading firefox.

Any other opinions?

Reply Score: 1

RE[5]: Bleh
by elsewhere on Wed 4th Jan 2006 05:10 UTC in reply to "RE[4]: Bleh"
elsewhere Member since:
2005-07-13

"I was under the impression that this was a windows only thing. So my guess is that the sluggishness you have experienced have some other reason."

That was what I thought too but blixel said, "It affects IE, Opera, and "older versions" of Firefox. I don't know for certain which "older versions", but I assume at least FF 1.5 is in the clear."


Well, it's a Windows flaw so I think the underlying assumption is that it affects IE, Opera and older versions of FF running on Windows ;) It's actually a flaw in one of the .dll's used for processing WMF files, so there's zero chance of exploit in linux, unless you happen to be running Firefox for Windows under Wine in linux and also have Office installed, though even then any risk to your underlying linux system would still be relatively equal to zero.

I upgraded to ff 1.5 and that was the only change I made and since then everything is back to normal. I have not even rebooted. Strange????

FF 1.5 is inherently better performing than 1.0x versions, so you would definitely have noticed a change.

There were numerous security vulnerabilities with earlier versions of FF, some of which could have impacted linux users though not on the scale of the Windows exploit. I'd be surprised though if the Fedora team hadn't backported security patches to the FC4 version of Firefox, I assume you'd been updating regularly? Regardless, this exploit couldn't have impacted you.

Is it possible the sluggishness was the result of a program running in the background whenever I ran ff1.06?

Sure, Fedora's default install is a bit heavy so there could be services etc. running in the background causing sluggish performance, could be the result of recent upgrades that may have impacted the libraries in use. Even a flaky or poorly written extension could cause Firefox to drag. Hard to narrow down without knowing more.

I just don't know but if anybody is experiencing sluggishness and they are running an older version of FireFox I suggest they try upgrading firefox.

Good advice in general.

Reply Score: 1

RE[2]: Bleh
by alime on Wed 4th Jan 2006 04:19 UTC in reply to "RE: Bleh"
alime Member since:
2005-07-06

I'm sorry but you're wrong. I just was hit by the exploit and Symantec caught it. I'm using Firefox 1.5
"A"

:(
This SUX. MS Fix your holes. Please.

Reply Score: 1

RE: Bleh
by dsmogor on Wed 4th Jan 2006 10:17 UTC in reply to "Bleh"
dsmogor Member since:
2005-09-01

No, you're not. It's possible to plant exploit in many pages that allow posting images, count blogs, forums, friend matching sites, online auctions and so on, so on

Reply Score: 1

Ignorant Basterds
by smoothar on Wed 4th Jan 2006 00:18 UTC
smoothar
Member since:
2006-01-04

From the https://blogs.technet.com/jesper_johansson/archive/2006/01/02/416762...

"Finally, there is an unofficial patch. Patch really is the right terminology for this. It patches (using basic rootkit technology) a system DLL to ignore calls to the vulnerable function. The patch is an executable and has to be run on each vulnerable system, meaning cost of implementation is potentially very high. According to SANS, it does stop the current exploits. Personally, I have not tested it, and I have no intention of using an unofficial patch at this time."

Yeah, right , throw in some "root kit" stuff, more FUD.

Reply Score: 1

RE: Ignorant Basterds
by yawntoo on Wed 4th Jan 2006 17:00 UTC in reply to "Ignorant Basterds"
yawntoo Member since:
2006-01-04

Actually this patch _does_ use a fairly standard rootkit attack vector to do its work. The patch injects code into each running process to patch the import of the call to Escape (exported from gdi32.dll) so that it does nothing.

Process injection is a standard malware/rootkit technique, and system call patching (via IAT hooks or direct manipulation of the loaded code image) is standard practice for user mode rootkits. It is a pretty cool way to patch the problem without modifying the OS binaries.

This is rootkit technology because it is used in many rootkits. It is used because it works. This does not mean that the patch is a rootkit.

Reply Score: 1
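
The Escape entry point that the comment above says the unofficial patch neutralises is reachable from a metafile through a META_ESCAPE record, so a file can be checked for that record before anything renders it. The scanner below is an added example, not part of the thread and not code from the patch or from any vendor; the record constants come from the public WMF format, SETABORTPROC is assumed here to be the escape worth flagging, and both sample files are constructed with placeholder bytes.

```python
import struct
from dataclasses import dataclass
from typing import List

# Constants from the public WMF record format (not from the thread).
PLACEABLE_KEY = 0x9AC6CDD7   # optional 22-byte "placeable" pre-header
META_EOF = 0x0000
META_SETMAPMODE = 0x0103
META_ESCAPE = 0x0626         # record whose data is handed to GDI Escape()
SETABORTPROC = 0x0009        # assumption: the escape function worth flagging


class WmfError(ValueError):
    """Input is not a structurally valid metafile; treat as 'do not render'."""


@dataclass
class Finding:
    offset: int        # byte offset of the record in the file
    function: int      # RecordFunction value exactly as stored
    byte_count: int    # ByteCount field of the escape record


def scan_wmf(data: bytes) -> List[Finding]:
    """Walk every record and report META_ESCAPE records using SETABORTPROC."""
    pos = 0
    if len(data) >= 4 and struct.unpack_from("<I", data, 0)[0] == PLACEABLE_KEY:
        pos = 22
    if len(data) < pos + 18:
        raise WmfError("truncated metafile header")
    file_type, header_words = struct.unpack_from("<HH", data, pos)
    if file_type not in (1, 2) or header_words != 9:
        raise WmfError("not a WMF header")
    pos += 18

    findings = []
    while pos + 6 <= len(data):
        size_words, function = struct.unpack_from("<IH", data, pos)
        end = pos + size_words * 2
        if size_words < 3 or end > len(data):
            raise WmfError("bad record size at offset %d" % pos)
        if function == META_EOF:
            break
        # Match on the low byte only, so a nonstandard high byte
        # cannot hide the record type from the scanner.
        if function & 0xFF == META_ESCAPE & 0xFF and size_words >= 5:
            escape, byte_count = struct.unpack_from("<HH", data, pos + 6)
            if escape == SETABORTPROC:
                findings.append(Finding(pos, function, byte_count))
        pos = end
    return findings


def record(function: int, params: bytes = b"") -> bytes:
    """Encode one record; sizes are counted in 16-bit words."""
    if len(params) % 2:
        raise ValueError("parameters must be word aligned")
    return struct.pack("<IH", 3 + len(params) // 2, function) + params


def build_sample(records: List[bytes], placeable: bool = False) -> bytes:
    """Assemble a constructed test metafile (placeable checksum left at 0)."""
    parts = records + [record(META_EOF)]
    body = b"".join(parts)
    largest = max(len(r) for r in parts) // 2
    header = struct.pack("<HHHIHIH", 1, 9, 0x0300,
                         9 + len(body) // 2, 0, largest, 0)
    prefix = b""
    if placeable:
        prefix = struct.pack("<IH4hHIH", PLACEABLE_KEY, 0,
                             0, 0, 100, 100, 1440, 0, 0)
    return prefix + header + body


# Constructed samples: one ordinary record, then an escape record.
SETMAP = record(META_SETMAPMODE, struct.pack("<H", 8))
BENIGN = build_sample(
    [SETMAP, record(META_ESCAPE, struct.pack("<HH", 0x0001, 0))])
FLAGGED = build_sample(
    [SETMAP, record(META_ESCAPE,
                    struct.pack("<HH", SETABORTPROC, 4) + bytes(4))])

if __name__ == "__main__":
    for name, sample in (("benign", BENIGN), ("flagged", FLAGGED)):
        print(name, scan_wmf(sample))
```

A file that raises `WmfError` should be handled the same way as one that returns findings, since a record whose size overruns the file is not something a legitimate metafile contains.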

Untested now, Tested later
by Guinness on Wed 4th Jan 2006 00:33 UTC
Guinness
Member since:
2005-12-31

I do not understand Microsoft! Why would they not release an untested "BETA" patch now to customers/enterprises willing to forgo formal QA/QT?

At any rate I congratulate the developer who did write the patch that is available now.

It just goes to show, how true it is over and over, small things can move mountains. In this case one developer.

Reply Score: 1

Overblown eh?
by microshag on Wed 4th Jan 2006 00:38 UTC
microshag
Member since:
2005-11-30

"Privately, Microsoft officials are furious that the issue was overblown..."

Are they equally as furious that yet another major weakness in their OS has been found and that somebody else came up with a patch first? Or are they just furious that they're getting "picked on"? What an ass this Johansson is.

Reply Score: 2

RE[2]: What are they doing?
by Anonymous! on Wed 4th Jan 2006 01:11 UTC
Anonymous!
Member since:
2005-11-11

Cmon LB06, isn't it reasonable to verify that the "cure isn't worse than the ailment"? I mean like, the analogy is clear - drugs are tested before they are released to folks with whatever it is they are intended to treat. What happens if an apparently functional patch is later found to bork some critical app/function/service only because it was not properly tested? Hell Fire for MS!

It simply can't get more serious. This is a remote exploit which requires no user interaction (besides visiting a malicious site) but gives the attacker potentially full control over the system. Furthermore this means "as every casual user can't really know if his system has already gone to some malicious asshole, he has to reinstall the complete system after the patch is released by MS". Of course, nobody really takes these actions but, instead, relies on his Antivirus/Antispyware products.

Reply Score: 2

only 7 more days to go!
by Resolution on Wed 4th Jan 2006 01:38 UTC
Resolution
Member since:
2005-11-14

So does this mean that they need 7 more days of testing? I highly doubt it. I really hope people can see that Microsoft is releasing this patch at a time that is convenient for them, and not their consumers.

Edited 2006-01-04 01:39

Reply Score: 3

Taken their sweet time.
by Milo_Hoffman on Wed 4th Jan 2006 02:17 UTC
Milo_Hoffman
Member since:
2005-07-06

This is totally an outrage.

I sent an EMAIL about this LAST WEDNESDAY to our support team and Microsoft STILL DOES NOT have a patch.

Some guy on the internet to use open source tools to hack their binaries and come up with a fix when Microsoft still sits on their ass and tell us to wait?


THIS WOULD NEVER HAPPEN WITH OPEN SOURCE!! NEVER!


Man...to quote office space:
"thumbs up their asses, thumbs up their asses."

Reply Score: 1

RE: Taken their sweet time.
by physeter on Wed 4th Jan 2006 04:19 UTC in reply to "Taken their sweet time."
physeter Member since:
2005-08-26

The guy that made a fix *did not* patch binaries. The "patching" is done in memory and no system file is ever changed. The fix can easily be uninstalled before applying the official patch.

Reply Score: 2

RE: Taken their sweet time.
by Tom K on Wed 4th Jan 2006 08:47 UTC in reply to "Taken their sweet time."
Tom K Member since:
2005-07-06

Yeah, because in the open source world they'd just release a patch and not even bother testing it on 10 machines.

Reply Score: 2

RE[2]: Taken their sweet time.
by hal2k1 on Wed 4th Jan 2006 09:57 UTC in reply to "RE: Taken their sweet time."
hal2k1 Member since:
2005-11-11

"Yeah, because in the open source world they'd just release a patch and not even bother testing it on 10 machines."

WTF?

Windows security is borked, has been for years, there are thousands of Windows machines out there utterly own3d, people are expected to pay for this rubbish, Microsoft takes forever to come up with a fix to a 0day exploit and recommends *AGAINST* Windows users even temporarily avoiding Microsoft's stuff-up by installing a patch Microsoft didn't write - and it is all somehow open source's fault according to you?

What planet are you on?

Reply Score: 1

RE[3]: Taken their sweet time.
by Tom K on Wed 4th Jan 2006 19:45 UTC in reply to "RE[2]: Taken their sweet time."
Tom K Member since:
2005-07-06

Get off the Linux cake and come back to us.

Or maybe you just have no concept of computing past the rubbish heap in your garage. You know, in the real world ... stuff like this has to be tested, especially when many businesses rely on it ...

Reply Score: 0

RE[4]: Taken their sweet time.
by rcsteiner on Wed 4th Jan 2006 22:13 UTC in reply to "RE[3]: Taken their sweet time."
rcsteiner Member since:
2005-07-12

While it's true that testing is important, sometimes it's more important to make a rough (if unsupported) patch available to one's clients.

IBM did this with their OS/2 platform -- that was one of the purposes behind the testcase site, and one could even get unofficial kernel builds in that way (sans support).

Maybe MS has something similar I'm just not aware of?

Reply Score: 1

RE[5]: Taken their sweet time.
by Tom K on Thu 5th Jan 2006 01:47 UTC in reply to "RE[4]: Taken their sweet time."
Tom K Member since:
2005-07-06

They might do something of the sort through their beta program, but I wouldn't know.

Reply Score: 1

RE[2]: Taken their sweet time.
by molnarcs on Wed 4th Jan 2006 12:19 UTC in reply to "RE: Taken their sweet time."
molnarcs Member since:
2005-09-10

I know I'm replying to a known troll but still...

This proves that you have no idea whatsoever how patches work. When a vulnerability is found in the kernel or any of the supporting libraries, there are a number of possibilities: it might be possible that the patch requires 0 testing, simply because the code in question and the solution has no way to bork your machine, and can be deemed safe. Then there can be patches that need testing, because perhaps it might lead to instabilities or expose other problems. So there is no universal rule that _every_ patch should be tested on 1000 machines to be safe.

Yeah, probably we would find some cases when a patch broke something, but even then, we can't be 100% certain that problems with the patch would have been exposed during tests. On the other hand, that isn't very rare with Microsoft patches now is it? So how come the oh so professional Microsoft Corp. with supposedly adequate testing (and tons of money to set up testing facilities) can (repeatedly) release patches that break something?

Reply Score: 1

govt
by Anonymous on Wed 4th Jan 2006 02:27 UTC
Anonymous
Member since:
---

do you think such a globally pervasive system would be so leaky without official sanction? the govt wants MS software to be this way - before it was office software but web connecting software is easier to control remotely. trust me - if they didn't want it like this no way would anyone sell this for a price.

Browser: Links (2.1pre18; Linux 2.6.12-14mdk-i686-up-4GB i686; 80x24)

Reply Score: 0

tsk tsk tsk...
by SEJeff on Wed 4th Jan 2006 02:38 UTC
SEJeff
Member since:
2005-11-05

Don't use the unofficial patch, Microsoft would rather your box be owned. When will they learn.

Reply Score: 1

PLUG PULLED!
by Milo_Hoffman on Wed 4th Jan 2006 02:38 UTC
Milo_Hoffman
Member since:
2005-07-06

Haha...this gets even more of a shitfest for Microsoft..

The http://www.hexblog.com/ site that had the unofficial patch has been pulled off the net probably for exceeding bandwidth or something.

MAN, Microsoft software is low quality garbage and anyone who makes their business depend on it is freaking crazy.

Reply Score: 1

Some Updates
by Anonymous on Wed 4th Jan 2006 04:19 UTC
Anonymous
Member since:
---

This flaw potentially affects all versions of Windows back to 3.0. To trigger it, you need Windows, plus a viewer. Windows versions from XP onward (including Vista Beta) use the Picture and Fax Viewer as a default viewer for WMF files. Third party, registered WMF viewers might also be affected.

In practice, this means that by default, Windows 2000, ME, and earlier will not get infected. Install any other graphics software, and things might get very different.

The Unofficial patch may impact some network printing. If it does, it can be removed via the control panel. It should be removed prior to installing any official patch from Microsoft.

Robert Cringely wrote an article about corporate culture recently, arguing that it remains pretty constant over time, even in a fast moving field, such as computer technology. The WMF flaw is the result of a flawed decision made roughly 15 years ago. Microsoft's current response to the flaw still shows they don't "get" security.
http://www.pbs.org/cringely/pulpit/pulpit20051222.html

Peter Besenbruch

Browser: Links (1.00pre12;Linux 2.4.40 i786)

Reply Score: 2

RE: Some Updates
by alcibiades on Wed 4th Jan 2006 09:08 UTC in reply to "Some Updates"
alcibiades Member since:
2005-10-12

"In practice, this means that by default, Windows 2000, ME, and earlier will not get infected. Install any other graphics software, and things might get very different."

Why then does SANS say that this should be the end for W9x, and that everyone still on should upgrade because there is no fix?

Are you quite sure it is right that 2000 and 9x are not at risk?

Reply Score: 1

ApproachingZero
Member since:
2005-11-10

I'm sure that, like each and every other time a major Windows virus / worm / security hole story became major network news, the tone of ABC/NBC/CNN/FOX and their affiliates will be "computers are dangerous! Don't touch or go near your computer!" rather than "Windows is dangerous. Use something else."

Reply Score: 1

Here's a back up url to the patch!
by bornagainenguin on Wed 4th Jan 2006 05:27 UTC
bornagainenguin
Member since:
2005-08-07

Good thing I uploaded the patch to rapidshare.de yesterday then, isn't it?

[ http://rapidshare.de/files/10230411/wmffix_hexblog11.exe.html ]

Of course I don't need it myself I'm currently using Ubuntu and will likely stay there until this whole thing blows over. Fresh install as of this morning! I knew it was time to get out when I hadn't seen any response from Microsoft and was beginning to hear astroturfing about 'malicious sites' --as if you can know for a fact which sites will be attacked ahead of time! The fact that this is an ongoing issue makes me doubly glad I moved out when I did! I'll probably wait for the official patch and the patch to fix that patch before throwing my drive image back on and patching my system.

--bornagainpenguin (who wishes good luck to anyone unfortunate enough to still 'need' be on Windows on days like this...)

Reply Score: 1

DEAR!
by Milo_Hoffman on Wed 4th Jan 2006 05:41 UTC
Milo_Hoffman
Member since:
2005-07-06

Dear Windows Users: You're all sitting ducks! Hahaha - Microsoft.

Reply Score: 0

re: Some Updates
by Anonymous on Wed 4th Jan 2006 06:43 UTC
Anonymous
Member since:
---

You can get the unofficial patch here:
http://castlecops.com/a6436-Newest_WMF_Exploit_Patch_Saves_the_Day....
http://handlers.sans.org/tliston/wmffix_hexblog14.exe
http://handlers.sans.org/tliston/WMFHotfix-1.4.msi

As others have noted, hexblog.com has been slammed, and is no longer available.

Peter Besenbruch

Browser: Links (1.00pre12;Linux 2.4.40 i786)

Reply Score: 1

Get the patch here
by ApproachingZero on Wed 4th Jan 2006 07:39 UTC
ApproachingZero
Member since:
2005-11-10

In case those other sites get too bogged down, you can also get a patch for the WMF vulnerability here: http://store.apple.com/

Reply Score: 0

.
by Anonymous on Wed 4th Jan 2006 09:08 UTC
Anonymous
Member since:
---

does anyone even use wmf for anything other than exploiting vulnerabilities like this one? i've never seen a legitimate use of the format and microsoft's implementation of it has always been full of holes like this one... i remember using similar exploits on windows 95 machines when i was in high school... wouldn't it be so much easier for microsoft to completely remove support for the format from windows?

Browser: Mozilla/4.0 (MobilePhone PM-8200/US/1.0) NetFront/3.1 MMP/2.0

Reply Score: 0

Background ?
by Anonymous on Wed 4th Jan 2006 09:49 UTC
Anonymous
Member since:
---

This is how I understand the exploit came to light -

Re:They call hackers researchers now? (Score:5, Informative)
by ninja_assault_kitten (883141) on Wednesday December 28, @08:30PM (#14355305)


The exploit was published by HD Moore after reverse engineering some malware. HD Moore is absolutely a very prominent researcher and hacker. Secondly the person(s) who discovered the vulnerability and wrote the initial malware to exploit it are also hackers. Even by the historical definition. Intent has no bearing on the term. Skill does. And you can't tell me discovering a 0day affecting any MS platform doesn't require skill. There are tens of thousands of researchers out there right now who can't.

http://it.slashdot.org/comments.pl?sid=172399&cid=14355305




I assume this is the release post at Metasploit -

http://www.metasploit.com/archive/framework/msg00755.html

And I assume this is the example code - http://www.frsirt.com/exploits/20051231.ie_xp_pfv_metafile.pm.php

Browser: ELinks (0.4pre5; Linux 2.6.0 i686; 176x66)

Reply Score: 0

Hmm
by Unbeliever on Wed 4th Jan 2006 10:33 UTC
Unbeliever
Member since:
2005-07-09

Anyone read 'Waiting for Godot' ? That's Microsoft.

Reply Score: 1

RE: Hmm
by Anonymous on Wed 4th Jan 2006 11:10 UTC
Anonymous
Member since:
---

Anyone read 'Waiting for Godot' ? That's Microsoft.

"Godot" is a bottomless pit of evil. Microsoft are a bottomless pit of incompetence.

Browser: ELinks (0.4pre5; Linux 2.6.0 i686; 176x66)

Reply Score: 0

RE[3]: Taken their sweet time.
by microshag on Wed 4th Jan 2006 20:49 UTC
microshag
Member since:
2005-11-30

Or maybe their vast 10,000 man Windows division could simply get the lead out.

Reply Score: 1