CastleCops, Internet Crime Fighters
Need help? Click here to register for free! Absolutely zero advertisements on this site!

$9736.22 of $21422.68
left sidedonated so farneed $11686.46 donated to reach our goalright side, our goal
Help CastleCops serve the community on new servers, Donate Here to reach our goal.

Donation/Premium
spacer
Donations. Become Premium Today! Premium Icon
block bottom
Security Central
spacer
· Home
· PIRT/Fried Phish
· MIRT
· SIRT
· Deutsch
· Wiki
· Newsletter
· O16/ActiveX
· CLSID List
· Contest2007
· Downloads
· Feedback (send)
· Forums
· HijackThis
· Hijacktrend
· LSPs
· My Downloads
· O18
· O20
· O21
· O22
· O23
· O9
· Premium
· Private Messages
· Proxomitron
· Reviews
· Search
· StartupList
· Stories Archive
· Submit News
· WsIRT
· Your Account
· Acceptable Use Policy
block bottom
Survey
spacer
Was 2007 a good year?

Yes it was a wonderful year
Yes, but there is always room for improvement
Status quo
It was a challenge
Other (leave comment)



Results
Polls

Votes: 940
Comments: 25
block bottom
spacer spacer
image Advisories!: Microsoft Security Bulletin MS06-001: Official WMF Patch image
Microsoft
Microsoft has just released its official patch for the WMF 0-Day. In the Microsoft Security Bulletin MS06-001, Microsoft states in its executive summary:
This update resolves a newly-discovered, public vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.

Note This vulnerability is currently being exploited and was previously discussed by Microsoft in Microsoft Security Advisory 912840.

If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

We recommend that customers apply the update immediately.


The bulletin continues with some basic questions and answers:

Does this update contain any security-related changes to functionality?
Yes. The change introduced to address this vulnerability removes the support for the SETABORTPROC record type from the META_ESCAPE record in a WMF image. This update does not remove support for ABORTPROC functions registered by application SetAbortProc() API calls.

Are Windows 98, Windows 98 Second Edition, or Windows Millennium Edition critically affected by one or more of the vulnerabilities that are addressed in this security bulletin?
No. Although Windows 98, Windows 98 Second Edition, and Windows Millennium Edition do contain the affected component, the vulnerability is not critical because an exploitable attack vector has not been identified that would yield a Critical severity rating for these versions.

Graphics Rendering Engine Vulnerability - CVE-2005-4560:
A remote code execution vulnerability exists in the Graphics Rendering Engine because of the way that it handles Windows Metafile (WMF) images. An attacker could exploit the vulnerability by constructing a specially crafted WMF image that could potentially allow remote code execution if a user visited a malicious Web site or opened a specially crafted attachment in e-mail. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

Mitigating Factors for Graphics Rendering Engine Vulnerability - CVE-2005-4560:
• In a Web-based attack scenario, an attacker could host a Web site that contains a Web page that is used to exploit this vulnerability. Also, Web sites that accept or host user-provided content or advertisements, and compromised Web sites, may contain malicious content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to visit these Web sites. Instead, an attacker would have to persuade users to visit the Web site, typically by getting them to click a link in an e-mail or Instant Messenger request that takes users to the attacker's Web site.

• An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
For specific details on the installation parameters (switches and descriptions), visit here and click open "Vulnerability Details" | "Security Update Information" and then select the operating system. There is quite a detailed list.

Download official MS Patch

Affected Software:

• Microsoft Windows 2000 Service Pack 4 – Download the update

• Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2 – Download the update

• Microsoft Windows XP Professional x64 Edition – Download the update

• Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1 – Download the update

• Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems – Download the update

• Microsoft Windows Server 2003 x64 Edition – Download the update

Alternatively, access windowsupdate.microsoft.com.

Note: So what to do now with the workaround patches now that you have installed Microsoft's official patch? Check the WMF Exploit FAQ for the answer.
Posted on Thursday, 05 January 2006 @ 15:21:32 UTC by Paul (17944 reads)
[ Trackback ]		image

"Advisories!: Microsoft Security Bulletin MS06-001: Official WMF Patch" | Login/Create an Account | 2 comments | Search
Threshold
The comments are owned by the poster. We aren't responsible for their content.

No Comments Allowed for Anonymous, please register

Re: Microsoft Security Bulletin MS06-001: Official WMF Patch (Score: 1)
by woodsmoke  on Sunday, 15 January 2006 @ 21:34:33 UTC
(User Info | Send a Message)
Well....I got the runaround at MS....I followed the link and i said I needed SP2... I clicked that...it downloaded tried to install and it said I didn't have SP1...so I downloaded it and it said I needed SP2.....and back and forth and round and round...Now these are valid disks, I bought them from WallyWorld a year ago...always used Win2K up to then....round and round...
so I came back here and downloaded the patch from...forgot the name, but up in the box at top...
It installed fine.
woodsmoke



Re: Microsoft Security Bulletin MS06-001: Official WMF Patch (Score: 1)
by voha  on Wednesday, 23 July 2008 @ 09:24:55 UTC
(User Info | Send a Message)
Pollock is the most popular, comprehensive and up-to-date source of drug information online. Providing free, accurate and independent advice on more than 10,000 prescription pills, over-the-counter medicines and natural products. Here is some of them: Tramadol- is a narcotic-like pain reliever. tramadol [www.pollockbaileypharmacy.com] Ultram -is a narcotic-like pain reliever. ultram [www.pollockbaileypharmacy.com] Soma - is a muscle relaxer that works by blocking pain sensations between the nerves and the brain. soma [www.pollockbaileypharmacy.com] Carisoprodol- is a muscle relaxer that works by blocking pain sensations between the nerves and the brain. carisoprodol [www.pollockbaileypharmacy.com] Propecia- prevents the conversion of testosterone to dihydrotestosterone (DHT) in the body. propecia [www.pollockbaileypharmacy.com] Fioricet -having tension headaches. It may also be used for other conditions as determined by your doctor. fioricet [www.pollockbaileypharmacy.com] Ultracet- Tramadol is a narcotic-like pain reliever. ultracet [www.pollockbaileypharmacy.com] Xenical blocks some of the fat that you eat, keeping it from being absorbed by your body. xenical [www.pollockbaileypharmacy.com] Paroxetine (pa-ROX-uh-teen) is used to treat mental depression, obsessive-compulsive disorder, panic disorder, generalized anxiety disorder, social anxiety disorder (also known as social phobia), premenstrual dysphoric disorder (PMDD), and posttraumatic stress disorder (PTSD). paxil [www.pollockbaileypharmacy.com] Cialis relaxes muscles and increases blood flow to particular areas of the body. It is a phosphodiesterase inhibitor cialis [www.pollockbaileypharmacy.com] Levitra relaxes muscles and increases blood flow to particular areas of the body. levitra [www.pollockbaileypharmacy.com] Viagra relaxes muscles and increases blood flow to particular areas of the body. Sildenafil under the name viagra [www.pollockbaileypharmacy.com] is used to treat erectile dysfunction (impotence) in men.


 
Login
spacer
Nickname

Password

Security Code: Type Security Code: Usage signifies AUP acceptance
· New User? · Click here to create a registered account.
block bottom
Related Links
spacer
· del.icio.us!
· digg it!
· reddit!
· TrackBack (0)
· Microsoft
· Microsoft
· HotScripts
· W3 Consortium
· Google Microsoft Search
· Microsoft
· Technet Online
· HotFix & Security Bulletins
· More about Microsoft
· News by Paul

Most read story about Microsoft:
Microsoft Security Bulletin MS06-001: Official WMF Patch
block bottom
Article Rating
spacer
Average Score: 5
Votes: 3


Please take a second and vote for this article:

Bad
Regular
Good
Very Good
Excellent
block bottom
Options
spacer

Printer Friendly Page  Printer Friendly Page
block bottom
2002-2008 © Computer Cops LLC dba CastleCops®. All rights reserved.
Acceptable Use Policy. Use signifies your agreement.
140ppm 0.414s (0.023s)
Making cybercriminals unhappy since 2002*
In Memory of Trpm
spacer spacer