Computer Tips -Tech Info

The unofficial WMF exploit patch now has multiple locations to download from. They’ve apparently run into some bandwidth problems at the main site. Sunbeltblog has an alternate download location, Sans is hosting a download here (direct download link)    Send article as PDF   

If you’ve visited here in the last few days, you’ll have noticed that I’ve been trying to test the WMF exploit against a Windows 98 Virtual machine since January 1st. I initially started out with a default install, which didn’t work, (for the exploit), then added irfanview (didn’t work), tried the exploit as a jpg, […]

Ok – so at least I wasn’t the only one to see Microsoft’s update to the security bulletin as downplaying the threat…. Of course, I don’t expect them to say…. “OH NO>>>> THE INTERNET WILL BE CRASHING AND BURNING…” But acknowledging that it is a very serious threat and there are few ways (outside of […]

I had hoped to get in another test of Windows 98 with yet another WMF viewer (tried Kodak imaging, and irfanview). So far I haven’t seen a way that the WMF exploits can work on Windows 98 SE. I’m running out of time before I have to run to some computer service appointments and maybe […]

There’s another security warning out related to specially crafted image files. This time it’s targetted at the blackberry, which is a small portable email/pda device. Basically a corrupted TIFF may lead the user to be unable to view other image attachments. The US-CERT advisory seems to indicate that remote code execution could be possible, although […]

The Microsoft security bulletin on the WMF vulnerability has been updated to indicate that Microsoft expects to release an update for the issue in their regular patch release on January 10th. The first couple paragraphs strike me as a bit defensive. Explaining about their immediate mobilization of Incident Response and immediate work on a patch, […]

I had hoped to do an article on metasploit in the not too distant future, but not as early as tonight…. However, I’ve made a couple of references to it in previous posts which, well, it would be nice if I’d already given a bit of information about metasploit in general. For starters, metasploit is […]

There’s been an update to the unofficial patch for the WMF (Windows MetaFile) vulnerability. The main change appears to be some options to allow for quiet installation (unattended) to help administrators in large environments try to roll the patch out in automated login scripts/etc. It can be found here or at the incidents.org site.    […]

I mentioned this in my summary yesterday morning as a possible workaround until there are patches for the WMF vulnerability that’s been big news the last week. I notice that incidents.org has mentioned it too as a possibility today. VMware has released VMPLayer as a free way of running premade virtual machines.    Send article […]

I’ve seen breathless headlines that say “Windows PCs face ‘huge’ virus threat; Affects every MICROSOFT OS shipped since 1990…” and really would like to try to clarify (again) what the situation is. Yes, the bug or vulnerability that’s currently being exploited exists as far back as Windows 3.0, but as far as I can tell […]