WMP Vulnerability - Further update from Microsoft Thursday 5 January

Microsoft announced that it would release a security update to help
protect customers from exploitations of a vulnerability in the Windows
Meta File (WMF) area of code in the Windows operating system on Tuesday,
January 2, 2006, in response to malicious and criminal attacks on
computer users that were discovered last week.

Microsoft will release the update today on Thursday, January 5, 2006,
earlier than planned.

Microsoft originally planned to release the update on Tuesday, January
10, 2006 as part of its regular monthly release of security bulletins,
once testing for quality and application compatibility was complete.
However, testing has been completed earlier than anticipated and the
update is ready for release.

In addition, Microsoft is releasing the update early in response to
strong customer sentiment that the release should be made available as
soon as possible.

Microsoft's monitoring of attack data continues to indicate that the
attacks are limited and are being mitigated both by Microsoft's efforts
to shut down malicious Web sites and with up-to-date signatures form
anti-virus companies.

The security update will be available at 2:00 pm PT as MS06-001.

NOTE At the moment I have no information as to whether Microsoft will be
issuing patches for any Win 9x operating system.
--
Mike Maltby

Apologies for omitting the source of the previous message. For the full
release see
http://www.microsoft.com/technet/sec...n/advance.mspx
--
Mike Maltby

"Mike M" wrote in message
...
Microsoft announced that it would release a security update to help
protect customers from exploitations of a vulnerability in the Windows
Meta File (WMF) area of code in the Windows operating system on Tuesday,
January 2, 2006, in response to malicious and criminal attacks on
computer users that were discovered last week.

Microsoft will release the update today on Thursday, January 5, 2006,
earlier than planned.

Microsoft originally planned to release the update on Tuesday, January
10, 2006 as part of its regular monthly release of security bulletins,
once testing for quality and application compatibility was complete.
However, testing has been completed earlier than anticipated and the
update is ready for release.

In addition, Microsoft is releasing the update early in response to
strong customer sentiment that the release should be made available as
soon as possible.

Microsoft's monitoring of attack data continues to indicate that the
attacks are limited and are being mitigated both by Microsoft's efforts
to shut down malicious Web sites and with up-to-date signatures form
anti-virus companies.

The security update will be available at 2:00 pm PT as MS06-001.

NOTE At the moment I have no information as to whether Microsoft will be
issuing patches for any Win 9x operating system.
--
Mike Maltby

NOTE At the moment I have no information as to whether Microsoft will
be issuing patches for any Win 9x operating system.

Microsoft Security Bulletin MS06-001 "Vulnerability in Graphics Rendering
Engine Could Allow Remote Code Execution (912919)"
(http://www.microsoft.com/technet/sec.../ms06-001.mspx) appears
to indicate that Microsoft are only releasing patches for Win2K, XP and
Win2K3.

It is possible that an update for Win Me and Win 98SE will be released at
a later date but it should be noted that to date, whilst acknowledging
that gdi32.dll is vulnerable in all of their systems since Win3, Microsoft
and others are saying that there is no evidence to date of Win 9x systems
having been attacked through this vulnerability. Noel Paton, myself and
others have spent time trying to compromise Win 9x systems but for myself
at least with no success to date.
--
Mike Maltby

Mike M wrote:

Microsoft announced that it would release a security update to help
protect customers from exploitations of a vulnerability in the Windows
Meta File (WMF) area of code in the Windows operating system on Tuesday,
January 2, 2006, in response to malicious and criminal attacks on
computer users that were discovered last week.

Microsoft will release the update today on Thursday, January 5, 2006,
earlier than planned.

Microsoft originally planned to release the update on Tuesday, January
10, 2006 as part of its regular monthly release of security bulletins,
once testing for quality and application compatibility was complete.
However, testing has been completed earlier than anticipated and the
update is ready for release.

In addition, Microsoft is releasing the update early in response to
strong customer sentiment that the release should be made available as
soon as possible.

Microsoft's monitoring of attack data continues to indicate that the
attacks are limited and are being mitigated both by Microsoft's efforts
to shut down malicious Web sites and with up-to-date signatures form
anti-virus companies.

The security update will be available at 2:00 pm PT as MS06-001.

NOTE At the moment I have no information as to whether Microsoft will be
issuing patches for any Win 9x operating system.

The patch is on Windows Update now.

--
Alias

Use the Reply to Sender feature of your news reader program to email me.
Utiliza Responder al Remitente para mandarme un mail.

Alias wrote:

The patch is on Windows Update now.

For Win2K, XP and W2K3 but not for Win Me. I don't expect to see any
patch for a Win 9x system in the immediate future but could be and
hopefully am wrong although I have yet to see evidence of Win 9x systems
being targeted. :-)
--
Mike Maltby

Alias wrote:
Mike M wrote:

Microsoft announced that it would release a security update to help
protect customers from exploitations of a vulnerability in the Windows
Meta File (WMF) area of code in the Windows operating system on Tuesday,
January 2, 2006, in response to malicious and criminal attacks on
computer users that were discovered last week.

Microsoft will release the update today on Thursday, January 5, 2006,
earlier than planned.

Microsoft originally planned to release the update on Tuesday, January
10, 2006 as part of its regular monthly release of security bulletins,
once testing for quality and application compatibility was complete.
However, testing has been completed earlier than anticipated and the
update is ready for release.

In addition, Microsoft is releasing the update early in response to
strong customer sentiment that the release should be made available as
soon as possible.

Microsoft's monitoring of attack data continues to indicate that the
attacks are limited and are being mitigated both by Microsoft's efforts
to shut down malicious Web sites and with up-to-date signatures form
anti-virus companies.

The security update will be available at 2:00 pm PT as MS06-001.

NOTE At the moment I have no information as to whether Microsoft will
be issuing patches for any Win 9x operating system.


The patch is on Windows Update now.

Thanks for the tip. Downloaded and installed with no problem.
richard

richard wrote:
Alias wrote:

Mike M wrote:

Microsoft announced that it would release a security update to help
protect customers from exploitations of a vulnerability in the Windows
Meta File (WMF) area of code in the Windows operating system on Tuesday,
January 2, 2006, in response to malicious and criminal attacks on
computer users that were discovered last week.

Microsoft will release the update today on Thursday, January 5, 2006,
earlier than planned.

Microsoft originally planned to release the update on Tuesday, January
10, 2006 as part of its regular monthly release of security bulletins,
once testing for quality and application compatibility was complete.
However, testing has been completed earlier than anticipated and the
update is ready for release.

In addition, Microsoft is releasing the update early in response to
strong customer sentiment that the release should be made available as
soon as possible.

Microsoft's monitoring of attack data continues to indicate that the
attacks are limited and are being mitigated both by Microsoft's efforts
to shut down malicious Web sites and with up-to-date signatures form
anti-virus companies.

The security update will be available at 2:00 pm PT as MS06-001.

NOTE At the moment I have no information as to whether Microsoft will
be issuing patches for any Win 9x operating system.



The patch is on Windows Update now.

Thanks for the tip. Downloaded and installed with no problem.
richard

Me too, on three machines.

--
Alias

Use the Reply to Sender feature of your news reader program to email me.
Utiliza Responder al Remitente para mandarme un mail.

Just dl'd and installed on my XP box, all seems well. I did reregister the
..dll and remove the 'hexblog' fix prior to installing the update. So, am I
protected now?
Heirloom, old and taking off one of two
raincoats

"Alias" wrote in message
...
Mike M wrote:

Microsoft announced that it would release a security update to help
protect customers from exploitations of a vulnerability in the Windows
Meta File (WMF) area of code in the Windows operating system on Tuesday,
January 2, 2006, in response to malicious and criminal attacks on
computer users that were discovered last week.

Microsoft will release the update today on Thursday, January 5, 2006,
earlier than planned.

Microsoft originally planned to release the update on Tuesday, January
10, 2006 as part of its regular monthly release of security bulletins,
once testing for quality and application compatibility was complete.
However, testing has been completed earlier than anticipated and the
update is ready for release.

In addition, Microsoft is releasing the update early in response to
strong customer sentiment that the release should be made available as
soon as possible.

Microsoft's monitoring of attack data continues to indicate that the
attacks are limited and are being mitigated both by Microsoft's efforts
to shut down malicious Web sites and with up-to-date signatures form
anti-virus companies.

The security update will be available at 2:00 pm PT as MS06-001.

NOTE At the moment I have no information as to whether Microsoft will be
issuing patches for any Win 9x operating system.

The patch is on Windows Update now.

--
Alias

Use the Reply to Sender feature of your news reader program to email me.
Utiliza Responder al Remitente para mandarme un mail.

Alias wrote:

Me too, on three machines.

I take it none of them are running Win Me?
--
Mike Maltby