Linked by Thom Holwerda on Wed 4th Jan 2006 22:45 UTC
Windows The saga around the WMF flaw in Windows continues. "A cryptographically signed version of Microsoft's patch for the Windows Metafile vulnerability accidentally leaked onto the Internet late Tuesday, adding a new wrinkle to the company's round-the-clock efforts to stop the flow of malicious exploits. The MSRC (Microsoft Security Response Center) acknowledged that a slip-up caused 'a fast-track, pre-release version of the update' to be posted to a security community site and urged users to 'disregard' the premature update."
Well...
by dylansmrjones on Wed 4th Jan 2006 23:28 UTC
dylansmrjones
Member since:
2005-10-02

This is becoming hilarious ;)

Reply Score: 5

Interesting
by Celerate on Wed 4th Jan 2006 23:59 UTC
Celerate
Member since:
2005-06-29

I wouldn't do this myself, but I think if people go against Microsoft's advice and try it anyway we might find out if it works now. Not that that's necessarily a good idea.

At least there'll be a patch within a week though. That's a relief since I still have to look after two windows boxes over here, and one of them is frequently in use by someone far more dangerous than any premature patch I can think of ;-) . I'm not looking forward to running a virus/malware scan on that box when the MS patch is finally out.

Reply Score: 1

Too slow...
by CapEnt on Thu 5th Jan 2006 00:07 UTC
CapEnt
Member since:
2005-12-18

What scares me is the fact they are already too late to release this patch.

Reply Score: 1

RE: Too slow...
by Celerate on Thu 5th Jan 2006 02:58 UTC in reply to "Too slow..."
Celerate Member since:
2005-06-29

Isn't that usually the case?

When a security hole becomes public knowledge it's a little late to be getting around to writing a patch. But that happens all too frequently anyway because either the company doesn't know about the problem, or hasn't scheduled time to fix it until there are exploits already in the wild and they realize they can't wait any longer.

Reply Score: 1

RE[2]: Too slow...
by jsight on Thu 5th Jan 2006 03:27 UTC in reply to "RE: Too slow..."
jsight Member since:
2005-07-06

No, that's not always what happens. This issue has been known to MS (and the world) for at least a couple of weeks now, and they still haven't issued a patch.

Red Hat, Novell, etc, would never take that long to issue a patch for an issue with the severity of this one.

Reply Score: 3

v RE[3]: Too slow...
by gonzo on Thu 5th Jan 2006 04:28 UTC in reply to "RE[2]: Too slow..."
RE[4]: Too slow...
by Celerate on Thu 5th Jan 2006 05:44 UTC in reply to "RE[3]: Too slow..."
Celerate Member since:
2005-06-29

"Because.. super-guru-coders work at RH and Novell and at MS we have a bunch of kids?"

So far you're the only one in this thread to have said that either directly or indirectly.

"Or could it be, because in "Linux world" it is acceptable that users/customers are, in fact, doing what is normally QA's job?"
That's a common myth actually.

Linux is not all developed by one entity, the software packaged by RH and the like are developed outside of the company. Red Hat simply packages and distributes that software with a price tag on it so they get a return for the work they did: taking different packages that would otherwise be separate, and bundling them together into a Linux distribution. Red Hat doesn't produce its own patches for the software if there already is one, and the developers who contribute to open source software often write those patches first because they hear about it first and it's primarily their responsibility. If someone, whether their customer or not, writes a patch first of their own volition it's hardly fair to claim that Red Hat is making its customers roll out their own updates. I have heard of Linux distributors putting together their own patches before, but usually the people responsible for the vulnerable software get to it first or a patch is contributed. And even if Red Hat doesn't get to writing the patch first, they're still the ones that review the code before including it, package it, and take care of putting it up on a package repo so others can get it.

Reply Score: 4

RE[5]: Too slow...
by gonzo on Thu 5th Jan 2006 12:59 UTC in reply to "RE[4]: Too slow..."
gonzo Member since:
2005-11-10

So far you're the only one in this thread to have said that either directly or indirectly.

Yeah, but someone else said that "RH or Novell" would provide patch much faster without any explanation.

and the developers who contribute to open source software often write those patches first because they hear about it first and it's primarily their responsibility

We all know how well it works when Pat Slackware got sick. Define "developers who contribute to open source software"? Big companies don't like to deal with something not really defined.


And please, why did you skip this part:

Guilfanov: I think Microsoft should develop a patch, (and) test and release it. And I believe that this is exactly what they are doing.

You guys know better than him, too...

Reply Score: 1

RE[6]: Too slow...
by Celerate on Thu 5th Jan 2006 23:38 UTC in reply to "RE[5]: Too slow..."
Celerate Member since:
2005-06-29

"So far you're the only one in this thread to have said that either directly or indirectly.

Yeah, but someone else said that "RH or Novell" would provide patch much faster without any explanation. "


I can't see how saying "RH or Novell" would patch it faster translates into an insult on MS.

"We all know how well it works when Pat Slackware got sick."

Red Hat and Novell are companies, run by several people and capable of continuing should anything happen to one or more of them. Pat Volkerding (is that how you spell his last name) is one person, with a distribution which is more or less his own. So the comparison isn't a good one.

Secondly when Pat Volkerding became ill few people knew what had actually happened to him at first, to many he simply seemed to have disappeared until news of the guy's illness had reached them. As I understand it no one took over for him because it wasn't important enough yet, and because there was still a good enough chance he might recover. Had he not survived I have no doubt someone else would have taken over the project, and no doubt now the guy has a backup plan should anything happen to him.

Thirdly just because no one is there to package an update doesn't mean there isn't one. It simply means that it's not packaged for that distribution yet so some independent person will probably package it and in the mean time sysadmins can install it manually which is what they are paid for. Heck, even most ordinary Linux users I know of know how to compile software from source, and if they don't they can get easy help from IRC, if you ask nice enough someone might even package it up for you so you never have to go near a console (depending on your distribution of course, but most now can do package management with a GUI).

"And please, why did you skip this part:

Guilfanov: I think Microsoft should develop a patch, (and) test and release it. And I believe that this is exactly what they are doing.

You guys know better than him, too..."


I don't think I disagree with that part, so why would I need to reply to it.

Reply Score: 1

RE[5]: Too slow...
by gonzo on Thu 5th Jan 2006 13:07 UTC in reply to "RE[4]: Too slow..."
gonzo Member since:
2005-11-10

"Or could it be, because in "Linux world" it is acceptable that users/customers are, in fact, doing what is normally QA's job?"

That's a common myth actually.

Well let's see: so you say that users are not doing QA's job (my point of view), RH is not doing it, Novell is not doing it..

Well, who is doing it then? Nobody?

Red Hat doesn't produce its own patches for the software if there already is one

And if there isn't one? And my company pays for support to RH?

Righhht..

Reply Score: 1

RE[6]: Too slow...
by Celerate on Thu 5th Jan 2006 23:53 UTC in reply to "RE[5]: Too slow..."
Celerate Member since:
2005-06-29

""Or could it be, because in "Linux world" it is acceptable that users/customers are, in fact, doing what is normally QA's job?"

That's a common myth actually.

Well let's see: so you say that users are not doing QA's job (my point of view), RH is not doing it, Novell is not doing it..

Well, who is doing it then? Nobody?

Red Hat doesn't produce its own patches for the software if there already is one

And if there isn't one? And my company pays for support to RH?

Righhht.."


Ok, let's try this again. Obviously you don't understand the relationship between OSS developers and Linux distributions.

Linux distributions are comprised of the Linux kernel and software, these are not written by Red Hat or Novell, although the two companies do contribute code among other things. Other people maintain the programs they wrote that Red Hat and Novell in turn package for their distributions. Now if there is a problem, the people who actually wrote the software and continue to maintain it are usually the ones who also fix it if someone else doesn't willingly contribute a fix first, and it actually happens very fast with a patch usually released before 24 hours elapses. All Red Hat and Novell do is package the patch and put it up on their servers so people can update. Now, if a patch isn't issued that is where things change, either Red Hat or Novell or some other distributors will have their employees work on a patch and then they are packaged and uploaded to the servers usually very promptly.

Neither Red Hat nor Novell leave their customers or users to roll out their own patches, if patches are contributed it's done by people who wanted to do it. Otherwise the distributors take care of making and packaging the patches themselves, and they do so very promptly.

Reply Score: 1

Well done
by diegocg on Thu 5th Jan 2006 00:31 UTC
diegocg
Member since:
2005-07-08

Microsoft has the patch, still they don't release it because of the needed testing (they have this weird rule of only releasing security fixes on Tuesday)



I only can say: WELL DONE. When you've 95% of the computer market share you just can't take two weeks to release a critical fix that is already being exploited. Release it early even if it's buggy.



The patch breaks something? Well, who cares. Your system is broken because of an unpatched security bug anyway. Time has shown that what is important is not the quality of the software, but how fast you can fix it. Just make the patch, test it slightly so it doesn't break the basic functions of the OS, release it to protect your users, do extensive testing, check if it breaks something, and if it breaks something release another security fix. While this methodology may look crazy, it sure has a lot more sense than having to wait until 10th January to get a fix and be exposed to be infected by Yet Another Worm.


Of course this won't work because of the stupid "if you release a fix to fix a fix your company is crap" mentality. It's amazing how companies don't matter releasing untested versions of software when there's a lot of pressure to release a product (Microsoft has eliminated a release candidate version from Vista because of the lack of time), still they will spend a full week to test and release a bug that is already being exploited and is already coded today.

Edited 2006-01-05 00:37

Reply Score: 5

RE: Well done
by Celerate on Thu 5th Jan 2006 05:51 UTC in reply to "Well done"
Celerate Member since:
2005-06-29

"Just make the patch, test it slightly so it doesn't break the basic functions of the OS, release it to protect your users"

As long as they make it optional. I can go a while without browsing untrusted sites in Windows (or I could just use Linux) and would rather that than having things break because of the patch. I'm sure sysadmins for big companies would really appreciate having the WMF hole patched at the expense of breaking other parts of the OS and having users complain to them all day, they may even get fired for fixing a problem most ignorant users were oblivious to at the expense of bringing up several other problems that those users aren't so oblivious to.

Early access for those who want it is fine, as long as the experimental patches are deselected by default and labeled as experimental on the Windows update site.

Reply Score: 2

Seamlessly
by microshag on Thu 5th Jan 2006 00:32 UTC
microshag
Member since:
2005-11-30

"Interestingly, Microsoft's patch works seamlessly with the unofficial hotfix from reverse-engineering guru Ilfak Guilfanov. "It looks like Microsoft was right on the ball with a patch and they've done it the right way, taking all things into consideration, including the fact that [Guilfanov's patch] is going to be on a lot of machines," a source said."

So then it won't be necessary to uninstall Ilfak's patch even after the new one is installed?

Reply Score: 1

Culpability in this case?
by mahlerrd on Thu 5th Jan 2006 01:06 UTC
mahlerrd
Member since:
2005-07-06

A quick recap - We have a hole a mile wide in a zillion desktops and servers (including a hundred and a dozen managed by me), and known exploits for said hole.

We have an unofficial patch, and we also have a semi-official patch (being officially from MS and leaked before all testing is complete for all languages, if I have my facts right).

Microsoft says "Nope, don't use EITHER patch! Just keep waiting."

So, are they *now* responsible if my network gets infiltrated? Am I irresponsible if I follow their instructions?

Reply Score: 2

RE: Culpability in this case?
by Resolution on Thu 5th Jan 2006 01:14 UTC in reply to "Culpability in this case?"
Resolution Member since:
2005-11-14

So, are they *now* responsible if my network gets infiltrated? Am I irresponsible if I follow their instructions?

The only one acting irresponsibly is Microsoft. There is absolutely no excuse for such a lengthy release period. Furthermore, there is no excuse for setting future release dates for something that should have been released days ago. I would advise you to do whatever you have to do to secure your network because the company that has the "Trustworthy Computing" campaign has obviously abandoned their consumers, if only temporarily.

Edited 2006-01-05 01:18

Reply Score: 5

RE: Culpability in this case?
by raver31 on Thu 5th Jan 2006 08:58 UTC in reply to "Culpability in this case?"
raver31 Member since:
2005-07-06

Microsoft says "Nope, don't use EITHER patch! Just keep waiting."

So, are they *now* responsible if my network gets infiltrated? Am I irresponsible if I follow their instructions?


Emmm.... No

Microsoft are never responsible if anything happens to your computers/software/data while you are running any version of Windows.

In fact, you should all have a read of the EULA. Microsoft cannot be held responsible if a security issue screws up your PC, they also cannot be held responsible if their own software screws your PC.

This is strange though, why should they delay the patches release for testing, if, ultimately, they do not care if they hose your machine or not.

This is not FUD or flamebait... have a look at the EULA for yourself.

Reply Score: 1

v Overblown
by Tom K on Thu 5th Jan 2006 01:49 UTC
v RE: Overblown
by Anon on Thu 5th Jan 2006 02:02 UTC in reply to "Overblown"
RE[2]: Overblown
by Tom K on Thu 5th Jan 2006 02:19 UTC in reply to "RE: Overblown"
Tom K Member since:
2005-07-06

Yeah? And how exactly are you going to do that? Short of this and my own site, I don't read any other forums.

In any case, Opera on my Windows box is set up not to load any images anyway. Windows = gaming, encoding.

Reply Score: 0

RE: Overblown
by diegocg on Thu 5th Jan 2006 02:27 UTC in reply to "Overblown"
diegocg Member since:
2005-07-08

You know, I have to say that in my 5 years of using XP, I have *never* seen or used a WMF file, let alone had one sent to me.


....maybe because the bug was discovered two weeks ago?

In case you don't get it, virus creators will start using it today even if nobody in the whole world had created a WMF file in 10 years. Windows supports it. It's everything you need to get a worm working. Actually, the fact that nobody uses WMF makes it worse: nobody knows what WMF files do, so it'll be much easier to deceive users.

Edited 2006-01-05 02:30

Reply Score: 2

RE: Overblown
by Sollord on Thu 5th Jan 2006 03:24 UTC in reply to "Overblown"
Sollord Member since:
2006-01-05

This is hardly overblown. I've had Norton pop up about 10 times because websites and some web ads have this exploit in them.

Reply Score: 1

RE[2]: Overblown
by cwdrake on Thu 5th Jan 2006 03:47 UTC in reply to "RE: Overblown"
cwdrake Member since:
2005-08-09

I talked to Symantec tech support today. They are having problems with lots of false positive detections on this. It is possible that the files you are seeing detected are not actually malicious.

Reply Score: 1

RE: Overblown
by hal2k1 on Thu 5th Jan 2006 04:50 UTC in reply to "Overblown"
hal2k1 Member since:
2005-11-11

You do realise that black hats can give a malicious wmf file another extension (such as gif or jpg) and your Windows security hole will still be exposed, don't you?

Reply Score: 1

RE: Overblown
by Snifflez on Thu 5th Jan 2006 06:19 UTC in reply to "Overblown"
Snifflez Member since:
2005-11-15

"This is getting overblown. If you don't come in contact with WMF files, you're safe."

False. WMF files may masquerade as seemingly legitimate image files by using a different extension. Ignorance is not a point of view, troll.

Reply Score: 2

WMF Files
by ohbrilliance on Thu 5th Jan 2006 02:20 UTC
ohbrilliance
Member since:
2005-07-07

I don't have a clue what WMF files are, but saw one for the first time just yesterday. Firefox in Linux asked me what I wanted to do with a WMF file that I hadn't explicitly requested.

So you may not know or have ever encountered WMF files, but you can bet they'll start popping up in order to exploit the vulnerability.

Reply Score: 1

Important notice
by jacquouille on Thu 5th Jan 2006 02:41 UTC
jacquouille
Member since:
2006-01-02

Windows users : it is important to know that a file may be a WMF even if its filename does not end in .wmf. Windows, like any modern OS, does not rely only on the extension to determine the filetype. Any file ending in .jpg or .jpeg or .gif or .bmp or... may be a WMF. So be extremely careful in e-mail attachments, and most importantly, disable the automatic displaying of pictures in your mail client.

Also note that, according to the SANS ISC, unregistering the dll is not a 100% sure protection, because malware may re-register it. (Maybe a safe solution would be to not only unregister the dll, but also rename the dll file, so that windows won't find it.)

EDIT : I just found this interesting story on the ISC website, titled "What do the bad guys do with WMF?" :
http://www.isc.sans.org/diary.php?storyid=1016

I'm happy I installed linux on the computers of my relatives (mother, brother, girlfriend...) -- at least they're safe.

Edited 2006-01-05 02:59

Reply Score: 1

RE: Important notice
by Marcellus on Thu 5th Jan 2006 05:23 UTC in reply to "Important notice"
Marcellus Member since:
2005-08-26

Also note that, according to the SANS ISC, unregistering the dll is not a 100% sure protection, because malware may re-register it.

In the same way that malware can re-register the dll, they can patch it in memory like the unofficial patch does, and still screw you over.

Reply Score: 1

RE: Important notice
by RenatoRam on Thu 5th Jan 2006 07:32 UTC in reply to "Important notice"
RenatoRam Member since:
2005-11-14

Actually, unlike modern operating systems, windows DOES use the extension to know the format of an image. Try to rename a .jpg to .whatever and see by yourself.

The list of known extensions is in the registry; just search for it.

By the way, a known method of deception is using extensions with strings that windows will NEVER show you (they look like long alphanumeric strings in curly braces, just like the many weird registry keys). I read in the past that it is quite simple to produce a file that looks like a "file.doc" but is actually a "file.doc.{dfa43d35sljf3d53k2afd5jf35kldjfldjflk}" (whatever).
The next step is registering a handler for this weird file type... like "execute this", or "open in explorer", and your virus/worm is served.

Reply Score: 1

Well, I've HAD it...
by Bobmeister on Thu 5th Jan 2006 03:22 UTC
Bobmeister
Member since:
2005-07-06

I have just HAD it with all of the hysteria every week about some new exploit. It's like just running a computer in these days will give people nervous breakdowns. I started my migration to other platforms three years ago, but have TWO Windows installations left, and frankly don't care if they blow up... but the poor businesses and IT managers that have to manage thousands of these things....this is a nightmare.

When will the gauntlet be brought down and Microsoft will finally have to PAY THE PRICE for the money and manpower that is being spent not on just THIS particular hole, but it's EVERY WEEK!

I've HAD it.

And I'm getting to the point, although it's not nice and it's not the right thing to do, of just laughing and not caring anymore when people call up with another problem to fix. I just can't do it anymore...

They (meaning the bad guys...not Microsoft) have ruined computing for most people...it's just not fun anymore, running Windows (except that the games still kick butt!)

Maybe we should all just keep the Windows for gaming or playing with things, but disable the interface cards...boot into your BSD, Linux or fire up the MAC for the internet stuff...

Reply Score: 2

RE: Overblown
by Nathan O. on Thu 5th Jan 2006 04:56 UTC
Nathan O.
Member since:
2005-08-11

It isn't overblown. WMF files that have been renamed to have .jpg, .gif, etc. filename extensions are just as threatening. And all you have to do is visit a web page that contains any such WMF file.

The worry isn't over WMFs that you consciously download for use as a WMF file. It's over the fact that all you have to do is visit a malicious / hacked web page to hand your computer over to a sleaze.

Reply Score: 2

...
by suryad on Thu 5th Jan 2006 00:15 UTC
suryad
Member since:
2005-07-09

LOL it seems like MS can't please anyone these days. If they release a broken patch they get flak and if they release a working patch but takes time they still get flak! Nice lol.

Reply Score: 4

How do I know if computer is infected?
by Thomas2005 on Thu 5th Jan 2006 06:27 UTC
Thomas2005
Member since:
2005-11-07

What are the symptoms of infections? If I click on a WMF file Windows Media Player starts, but then displays a message saying there was an error and I am given the option of sending an error report or not. How would I go about reinstalling WMP or finding out if other system files are damaged and need fixing?

Reply Score: 1

Switch to MacOS or Linux
by d4rkn1ght on Thu 5th Jan 2006 06:31 UTC
d4rkn1ght
Member since:
2006-01-02

For those that don't know what a WMF file is: http://filext.com/detaillist.php?extdetail=wmf

I think it is time for me to switch my parents to Apple. I'm finally sick of cleaning and fixing their Windows machine. Everyday is something new. I feel that I have become sort of a Windows expert fixing these kind of freaking problems all the time.

I have always been a Mac user since day one (System 1 to Mac OS X), and I have never seen an exploit with this level of damage on the Mac.

Reply Score: 1

RE: ...
by Nathan O. on Thu 5th Jan 2006 07:04 UTC
Nathan O.
Member since:
2005-08-11

Here's my big question I haven't seen asked yet:

How come they have to do so much testing in so many languages for a simple patch to the library that handles an image format?

Where do foreign languages come in to it? Shouldn't it be language agnostic?

In theory, couldn't they completely replace their libwmf.dll (or whatever they call it) with an entirely different one that was built to be compatible and have no reason to worry? (again, in theory)

And for cryin' out loud, there are so few places where WMF is used, and it's a relatively simple format... couldn't they just assign 50 people to testing, give each of them four computers loaded with all sorts of esoteric software, and let them test all day for one day? And let their Big Name Partners do the same for their in-house software?

How much can any patch possibly screw up an image format handler???

Reply Score: 1

RE[2]: ...
by Marcellus on Thu 5th Jan 2006 07:14 UTC in reply to "RE: ..."
Marcellus Member since:
2005-08-26

How much can any patch possibly screw up an image format handler???

Has it occurred to you that it's not only the image format handler that is being patched?

AFAIK, this was simply an attack vector that was vulnerable, but fixing the handler itself won't remove the underlying problems.

Reply Score: 1

RE[3]: ...
by Nathan O. on Thu 5th Jan 2006 16:08 UTC in reply to "RE[2]: ..."
Nathan O. Member since:
2005-08-11

It occurred to me, yes, but can anyone give me an example of such a thing happening in a properly designed library?

I'm asking seriously. I'm in school for this sort of thing right now, and I'd like to know. I'll have to look up the details of the vulnerability now.

Reply Score: 1

RE[3]: ...
by Nathan O. on Thu 5th Jan 2006 16:44 UTC in reply to "RE[2]: ..."
Nathan O. Member since:
2005-08-11

I looked this thing up on Symantec's web site (let me know if they aren't as reputable as I think), and it seems there are two reports of WMF bugs. The first was reported 11-08-05 and allows execution of arbitrary code as SYSTEM user (totally unlimited root, IIRC), and the second, dated 12-28-05, is the same, except code is run as the user viewing the file.

In both cases, it seems to be completely confined to this one library (the former is an integer overflow, the second is less descriptive, citing a single function in the library).

I still don't understand why it has to be so thoroughly tested in so many languages. I'm guessing the November buffer overflow was fixed quickly. I definitely understand, though, that the more recent one is something I understand less.

Reply Score: 1

RE[2]: ...
by yawntoo on Thu 5th Jan 2006 17:04 UTC in reply to "RE: ..."
yawntoo Member since:
2006-01-04

Here is an answer ;-)

Take this with a grain of salt since I don't work for MS, and don't have visibility into exactly what they have been doing.

As far as I understand, the flaw is in the GDI call Escape(). This means that the patch will likely need to be to GDI32.DLL and likely WIN32K.SYS. These are low level core components to the Win32 subsystem (the subsystem that most applications and the shell use).

So here is a bit more detail (as I understand it) into the issue:

The GDI framework is an API used to abstract away the details of graphics devices. This API is used to do basic graphics operations on video boards, and printers, and any other "display" device. Abstractions like this hide the details of the hardware from the applications programmer. This is a good thing.

The Escape call is a call that lets the application pass various commands to the driver without having to know the details of the driver. Most of the uses of this call are replaced with newer API calls, so this one has been around for quite a while. IIRC the issue here is that WMF files (which are really a set of GDI commands) can also contain Escape calls that will set a callback into arbitrary code (AbortProc). The proper use for this value is for an application to be able to tell the print driver to notify it if the print job has been canceled. However, a callback is a callback, and a malicious coder can make them do all sorts of nastiness.

Now GDI32.DLL is a rather thin library that mostly passes its work to WIN32K.SYS (In NT based systems).

WIN32K.SYS is the kernel mode component of the Win32 Subsystem. It does the real work of Win32. It _is_ Win32.

Any modifications to these libraries, no matter how trivial, could have wide ranging impact. These changes need to be well tested. Since the updated libraries will likely contain the rest of the Win32 API they need to be localized.

The point is that WMF is not so much an image format as it is a GDI scripting language. So the patch needs to be in GDI not in an image format handler.

Reply Score: 2

RE[3]: ...
by Nathan O. on Thu 5th Jan 2006 17:19 UTC in reply to "RE[2]: ..."
Nathan O. Member since:
2005-08-11

Oooh. First sentence of your third paragraph foreshadowed the rest of the explanation nicely. Have you considered becoming a novelist? Your explanation was entertaining, thorough (enough), and clear. Thanks!

I guess a GDI scripting language sounded like a pretty good idea back when malware was comparably unknown.

Reply Score: 1

LOL!
by Windows Sucks on Thu 5th Jan 2006 07:33 UTC
Windows Sucks
Member since:
2005-11-10

Typical!

Reply Score: 0

Linuxispoo...
by vecchio on Thu 5th Jan 2006 09:08 UTC
vecchio
Member since:
2005-07-06

... Where are you now?

Reply Score: 1

The Microsoft Patch is now on windowsupdate
by anyweb on Thu 5th Jan 2006 21:17 UTC
anyweb
Member since:
2005-07-06

The Microsoft Patch is now on windowsupdate ahead of schedule, so please get updating if you are a Windows XP user.

more info here

http://www.microsoft.com/technet/security/Bulletin/MS06-001.mspx

and here

http://www.windowsupdate.com

cheers
anyweb

Reply Score: 1