Supplemental Resources and Links for Episode #21

Official WMF Vulnerability update
from Microsoft Available NOW!
http://update.microsoft.com/

Ilfak Guilfanov on "Security Now" #21 ! Ilfak Guilfanov, developer of "The Patch" for temporarily protecting Windows users from exploitation of the WMF vulnerability (while we were waiting for Microsoft's official security update) joined us to discuss this first serious Windows vulnerability of the New Year. If you wish to be automatically notified whenever we post a new Security Now! audio program, you may use the button below to register an eMail address with the trustworthy "Change Detection" service. You will be able to easily remove yourself at any time: (it's private by ChangeDetection)

Microsoft is not fixing Windows 98/ME  . . . so GRC will. Microsoft has now "reclassified" the WMF vulnerability in Windows 95, 98, and ME as non-critical (instead of just fixing it!). This means that it will probably NOT be updated and patched to eliminate the WMF handling vulnerability that those older versions of Windows apparently still have. (This vulnerability still needs to be confirmed.) So, if Microsoft does not produce an update to repair those older versions of Windows, GRC will make one available.

Microsoft's official security update does the same thing as Ilfak's patch Users of Ilfak's temporary patch — which is no longer needed in the wake of Microsoft's early released official update — may rest easily. Ilfak reports that he checked-out Microsoft's new replacement GDI32.DLL . . . and it permanently does the same thing as his temporary patch: It simply revokes support for the age-old WMF "SETABORT" command from metafile processing.

Gibson Research Corporation is owned and operated by Steve Gibson.  The contents of this page are Copyright (c) 2022 Gibson Research Corporation. SpinRite, ShieldsUP, NanoProbe, and any other indicated trademarks are registered trademarks of Gibson Research Corporation, Laguna Hills, CA, USA. GRC's web and customer privacy policy.