WMF (Windows meta file) exploit
Posted on 01/02/2006 5:07:56 AM PST by KeyWest
Looking forward to the week ahead, I find myself in the very peculiar position of having to say something that I don't believe has ever been said here in the Handler's diary before: "Please, trust us."
I've written more than a few diaries, and I've often been silly or said funny things, but now, I'm being as straightforward and honest as I can possibly be: the Microsoft WMF vulnerability is bad. It is very, very bad.
(Excerpt) Read more at isc.sans.org ...
In essence, if you are using MSIE you are particularly vulnerable. Firefox and Moz give an intermediate step that can protect you if you know about the exploit, but most people do not and will open the "picture".
I have been around since 1998, and post infrequently, but this is a potential major problem. There has been one other post on the problem, but few saw it.
Foxnews.com had a story about this yesterday, I sent the link to my friends and family.
You're right, this one is gonna be a major problem until they get a patch issued.
Don't you love MS development strategy? "Get it to market first, then finish programming."
OK. I see it was the link to FR that showed up as a 404 and now works.
Please change the date - it was not a year ago...
As I said, I post infrequently... :)
Shoot, fella- I know you-- haven't "talked" to you for a while, but you go back farther on this site than I do... you're an Oldtimer.
I have some links handy ( rummaging around old files hastily )...
For video players that can handle other formats, give your friends these links -
Subnote: V-lan works fine on my home machines- others I know swear it "hosed my codecs"- so be advised I provide that and other links on a "use with caution" basis.
Thanks for the heads up. Once again this proves the worth of Free Republic and its posters.
I wouldn't know sans.org from Adam's housecat.
Amazing. This post has been up for almost an hour, and we haven't had anyone post "Free Republic isn't a computer forum, blah, blah, blah..."
My late Mom's favorite variant of that was "wouldn't know him from a load of coal." ( She grew up in coal country )
Not surprisingly ( since we have so many people from different backgrounds ) some of the best and fastest computer advice I have gotten has been right here.
There are some very good computer forums- Geeks to Go, VirtualDr, and others- but we're pretty durn good, too.
Well, thank you both for the background. Not being in IT, it is hard to know who or what to trust. I downloaded the patch with (seemingly) no ill effects.
What is it with mother's sayings? That one is straight from mine's lips! LOL
They know they'd get their asses handed to them. ;-)
I'm going to think about it for a while before I do anything with it.
The unofficial patch seems to revolve around the desire to show images whilst Netting. I've de-registered, and I'm only allowing images from the originating site (Firefox). I'm thinking about disallowing images totally, until the official patch comes out, but who knows how long Redmond is going to take.
Looks like some EXCELLENT info, KW.
I've been in the software development business for over 20 years. Trust me, MS is not the only company that this applies to.
But you are never really "finished programming". And at some point, you have to release or you will never get a product out the door.
If everything released was "finished", wouldn't everything be at version 1.0 - heck, version numbers wouldn't even be necessary.
Is Linux "finished"? Oracle? etc. etc.
I'm not trying to absolve MS, but I don't hold them up to any higher standard than I would any other company because I've been on the other side of things, and there is NO major piece of software out there that is perfectly written.
But you'd think so if you read the various anti-MS blogs - you find all of the perfect programmers there who never have written code with a bug in their lives. :-)
Thank you. Fix seems to be running okay.