Microsoft released the patch today for the WMF image vulnerability, ahead of schedule. It can be downloaded from here:
http://www.microsoft.com/athome/security/update/bulletins/200601_WMF.mspx
If you are running Windows XP, Windows 2000, or Windows 2003, you should download and install the update immediately. There are exploits taking advantage of this flaw - and it involves viewing an image to become vulnerable, not downloading or running anything. Windows 98/ME users apparently are not affected by the issue, contrary to earlier reports.
Welcome to the Second Life Forums Archive
These forums are CLOSED. Please visit the new forums HERE
Patch released for extremely critical Windows flaw |
|
|
Cristiano Midnight
Evil Snapshot Baron
Join date: 17 May 2003
Posts: 8,616
|
01-05-2006 13:59
_____________________
Cristiano
ANOmations - huge selection of high quality, low priced animations all $100L or less. ~SLUniverse.com~ SL's oldest and largest community site, featuring Snapzilla image sharing, forums, and much more.  |
|
Toy LaFollette
I eat paintchips
Join date: 11 Feb 2004
Posts: 2,359
|
01-05-2006 14:05
thanx Cristiano I just installed it
 _____________________
"So you see, my loyalty lies with Second Life, not with Linden Lab. Where I perceive the actions of Linden Lab to be in conflict with the best interests of Second Life, I side with Second Life."-Jacek
|
|
Chance Abattoir
Future Rockin' Resmod
Join date: 3 Apr 2004
Posts: 3,898
|
01-05-2006 14:14
bump
_____________________
"The mob requires regular doses of scandal, paranoia and dilemma to alleviate the boredom of a meaningless existence."
-Insane Ramblings, Anton LaVey |
|
Nolan Nash
Frischer Frosch
Join date: 15 May 2003
Posts: 7,141
|
01-05-2006 14:15
Thanks Cris, I got smacked with this last week, it corrupted an instance of XP on one of my drives! Watch Out! Be Careful!
_____________________
“Time's fun when you're having flies.” ~Kermit
|
|
Ulrika Zugzwang
Magnanimous in Victory
Join date: 10 Jun 2004
Posts: 6,382
|
01-05-2006 14:17
The patch is called MacOS X.
 ~Ulrika~ _____________________
Chik-chik-chika-ahh
|
|
Chance Abattoir
Future Rockin' Resmod
Join date: 3 Apr 2004
Posts: 3,898
|
01-05-2006 14:29
artificial sticky
_____________________
"The mob requires regular doses of scandal, paranoia and dilemma to alleviate the boredom of a meaningless existence."
-Insane Ramblings, Anton LaVey |
|
MJ Hathor
Purple Butterfly
Join date: 17 Mar 2005
Posts: 901
|
01-05-2006 15:44
I hope this was the patch...its the only one windows found to update
_____________________
|
|
Cristiano Midnight
Evil Snapshot Baron
Join date: 17 May 2003
Posts: 8,616
|
01-05-2006 16:27
Yes that is the patch - Windows Update will find it if you need it.
_____________________
Cristiano
ANOmations - huge selection of high quality, low priced animations all $100L or less. ~SLUniverse.com~ SL's oldest and largest community site, featuring Snapzilla image sharing, forums, and much more. |
|
Eggy Lippmann
Wiktator
Join date: 1 May 2003
Posts: 7,939
|
01-05-2006 17:05
The patch is called MacOS X. ~Ulrika~ Only HIPPIES use MacOS X! Der. _____________________
|
|
Billy Grace
Land Market Facilitator
Join date: 8 Mar 2004
Posts: 2,307
|
01-05-2006 17:21
hmmm... either it was already downloaded with my auto update thingy. Followed the link, it did a search and said I did not have any downloads. Either that or I did something wrong.
_____________________
I find it rather easy to portray a businessman. Being bland, rather cruel and incompetent comes naturally to me.
John Cleese, 1939 - |
|
Pym Sartre
Castle Overseer
Join date: 27 Oct 2005
Posts: 100
|
Technical question
01-05-2006 17:22
Question would be... does the image parsing in the SL client use this vulnerablity? Could someone use an image in SL that triggers it?
Just thought I'd ask, was curious. Pym PS: MacOS or... UNIX. Mmmm, UNIXy goodness. |
|
Chance Abattoir
Future Rockin' Resmod
Join date: 3 Apr 2004
Posts: 3,898
|
01-05-2006 17:33
Question would be... does the image parsing in the SL client use this vulnerablity? Could someone use an image in SL that triggers it? Just thought I'd ask, was curious. Pym Does SL even accept WMF's? _____________________
"The mob requires regular doses of scandal, paranoia and dilemma to alleviate the boredom of a meaningless existence."
-Insane Ramblings, Anton LaVey |
|
Pym Sartre
Castle Overseer
Join date: 27 Oct 2005
Posts: 100
|
01-05-2006 17:45
I'm not sure, of course, but I'm also not sure what SL uses to process images, and whether or not the client uses the vulnerable code. Something for the programmers to answer, I guess.
|
|
Ben Bacon
Registered User
Join date: 14 Jul 2005
Posts: 809
|
01-06-2006 01:45
Question would be... does the image parsing in the SL client use this vulnerablity? Could someone use an image in SL that triggers it? Just thought I'd ask, was curious. Second Life doesn't transfer any content using this format at all (textures, for example, are stored as JPG2000, which is decompressed - not executed). Definitely get the fix to protect yourself from malicious WMF files sent to you via email or downloads - but rest assured that SL is safe. |
|
Chip Midnight
ate my baby!
Join date: 1 May 2003
Posts: 10,231
|
01-06-2006 06:28
I hope this was the patch...its the only one windows found to update MJ, that's not the patch. That's an upgrade to Windows Update. Once you install that you need to check for updates again. _____________________
 My other hobby: www.live365.com/stations/chip_midnight |
|
Cristiano Midnight
Evil Snapshot Baron
Join date: 17 May 2003
Posts: 8,616
|
01-06-2006 07:49
MJ, that's not the patch. That's an upgrade to Windows Update. Once you install that you need to check for updates again. Eeek you're right, I didn't look more closely at that screen shot - good catch. _____________________
Cristiano
ANOmations - huge selection of high quality, low priced animations all $100L or less. ~SLUniverse.com~ SL's oldest and largest community site, featuring Snapzilla image sharing, forums, and much more. |
|
Dianne Mechanique
Back from the Dead
Join date: 28 Mar 2005
Posts: 2,648
|
01-06-2006 07:54
No need to fear. The vulnerability was specifically for MS Windows .WMF files. They are not so much a graphics file like other formats in that they don't encode an image directly. They store a recording of the drawing operations needed to create the image. Someone discovered some harmful operations that could also be stored in the "recording". These operations are then executed when Windows "plays back" the WMF file to recreate the image. Second Life doesn't transfer any content using this format at all (textures, for example, are stored as JPG2000, which is decompressed - not executed). Definitely get the fix to protect yourself from malicious WMF files sent to you via email or downloads - but rest assured that SL is safe. _____________________
.
black art furniture & classic clothing =================== Black in Neufreistadt Black @ ONE Black @ www.SLBoutique.com . |
|
Ben Bacon
Registered User
Join date: 14 Jul 2005
Posts: 809
|
01-06-2006 15:51
Only Microsoft would think an image that's actually a Macro (virus) was a good idea. From a developer's perspective, the ability to save GDI commands (not macros) (not viruses) to a file is wonderful. From a developer's perspective - cheap shots at MS are just that - cheap. |
|
MJ Hathor
Purple Butterfly
Join date: 17 Mar 2005
Posts: 901
|
01-06-2006 16:39
MJ, that's not the patch. That's an upgrade to Windows Update. Once you install that you need to check for updates again. Thanks, will try again Edit: Okay, tried again and it appeared nothing happened. So, I went ahead and looked in the update history and found this... Windows XP Security Update for Windows XP (KB912919) Friday, January 06, 2006 Automatic Updates....I'm thinking that its been successfully updated. MJ _____________________
|
