Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

WMF Woes? Patch Things Up (Unofficially)!

Worried about the WMF vulnerability. Secure Enterprise Magazine's Editor Mike Fratto has found two 'off the record' fixes that will do a good job of holding down the fort until Microsoft comes up with something more official. Mike explains:

While I am not in the habit of recommending unofficial patches, it seems like the WMF vulnerability is pretty nasty, so you probably want to spend some time testing and deploying the work-arounds. Simply blocking files ending in .wmf won't be enough because Windows handles WMF files based on file structure, not extension. Files ending in .jpg and .gif are just as likely to be WMF files as not.

Ilfak Guilfanov has put together a patch that SANS is endorsing as a viable short term solution until Microsoft comes up with something. F-Secure also has a workaround as well as a wealth of information from their own research and from others like SANS and Ilfak Guilfanov.

I have been using the SANS work-around for days with no ill effects and I, like others, have successfully tested the workarounds against working exploits as well as Metasploits version.

Just remember to remove this patch -- if you use it -- prior to installing Microsoft's.