WMF exploit

[khaosworks]

Public service announcement. You may have heard of the latest WMF exploit for Windows. This is serious stuff, people — you may think you're not vulnerable, or that it won't happen to you, but it can, and it's just so easy to do, and it gives complete control by an intruder over your computer. Everything.

So rather than wait for Microsoft to get off their asses and patch it up by January 10, by which time Lord knows how many people will get bitten, you might do well to be just a tad paranoid and get the unofficial patch.

For just what the WMF exploit can do, see http://www.f-secure.com/weblog/archives/archive-122005.html

And the unofficial patch can be found at:

http://www.grc.com/miscfiles/wmffix_hexblog14.exe
http://handlers.sans.org/tliston/wmffix_hexblog14.exe
http://castlecops.com/modules.php?name=Downloads&d_op=getit&lid=496
http://csc.sunbelt-software.com/wmf/wmffix_hexblog14.exe
http://www.antisource.com/download/wmffix_hexblog14.exe

So, begone — go forth and patch that hole. Once the fix from Microsoft is issued, you can uninstall this and install the official one.

Comments

Re: Wikipedia

[khaosworks.livejournal.com]

That's because someone using your IP address - that's the perils of using dialup like Singnet, because IP address are dynamically assigned - has been vandalising before. It's not directed at you personally.