 |
Featured Articles
|
|
|
 |
|
|
|
|
|
|
|
Current Articles
|
|
|
|
|
|
|
|
|
|
|
|
News Articles Archive
|
|
|
|
|
|
 |
|
|
|
|
161 Views |
| posted on Sunday, January 08, 2006 |
|
|
MICROSOFT RELEASING WMF PATCH AT 5PM EST
Dick Atlee writes:
Microsoft has relented and given in to pressures from the real world and is releasing a WMF patch. I imagine their servers are going to be pretty hard-hit this afternoon. I've included most of their announcement below.
Their nontechnical bulletin (to get started patching) is at:
http://www.microsoft.com/athome/security/update/bulletins/
200601_WMF.mspx
[I haven't been able to find the technical bulletin yet.] They will be holding a webcast about this on Friday (registration info in the bulletin below).
If you've previously installed the unofficial patch, then once you've installed the new Microsoft patch, you can then presumably safely uninstall the unofficial patch. If you installed it in the default fashion, this should work for uninstalling it:
1. Open the the "Program Files" folder on your C-drive.
2. In that folder, open the "WindowsMetafileFix" folder.
3. Double click on the unins000.exe icon. (If you don't have Windows set up to show those 3-letter file extensions (you should!), you may see more than one file called "unins000". The one you want has an icon containing, among other things, a blue-screen monitor.)
---------- Forwarded message ----------
Date: Thu, 5 Jan 2006 12:11:42 -0800
From: Microsoft
Subject: Microsoft Security Response Center Bulletin Notification
**************************************************
Title: Microsoft Security Response Center Bulletin Notification
Issued: January 05, 2006
**************************************************
Summary
=======
Important Information for Thursday 5 January 2006
Microsoft announced that it would release a security update to help protect customers from exploitations of a vulnerability in the Windows Meta File (WMF) area of code in the Windows operating system on Tuesday, January 2, 2006, in response to malicious and criminal attacks on computer users that were discovered last week.
Microsoft will release the update today on Thursday, January 5, 2006, earlier than planned.
Microsoft originally planned to release the update on Tuesday, January 10, 2006 as part of its regular monthly release of security bulletins, once testing for quality and application compatibility was complete. However, testing has been completed earlier than anticipated and the update is ready for release.
In addition, Microsoft is releasing the update early in response to strong customer sentiment that the release should be made available as soon as possible.
Microsoft's monitoring of attack data continues to indicate that the attacks are limited and are being mitigated both by Microsoft's efforts to shut down malicious Web sites and with up-to-date signatures form anti-virus companies.
The security update will be available at 2:00 pm PT as MS06-001.
Enterprise customers who are using Windows Server Update Services will receive the update automatically. In additional the update is supported Microsoft Baseline Security Analyzer 2.0, Systems Management Server, and Software Update Services. Enterprise customers can also manually download the update from the Download Center.
Microsoft will hold a special Web cast on Friday, January 6, 2006, to provide technical details on the MS06-001 and to answer questions. Registration details will be available at:
http://www.microsoft.com/technet/security/default.mspx
Microsoft will also be releasing additional security updates on Tuesday, January 10, 2006 as part of its regularly scheduled release of security updates.
*********************************************
[Note: I've omitted below general info about MS Security notifications and the regular update scheduled for June 10. The remainder of this bulletin is mostly of general interest, having nothing to do with the WMF patch.]
********************************************
Support:
========
Technical support is available from Microsoft Product Support Services at 1-866-PC SAFETY (1-866-727-2338). There is no charge for support calls associated with security updates. International customers can get support from their local Microsoft subsidiaries. Phone numbers for international support can be found at:
http://support.microsoft.com/common/international.aspx
Microsoft Support Lifecycle for Business and Developer Software
=======================================
The Microsoft Support Lifecycle policy provides consistent and predictable guidelines for product support availability at the time that the product is released. Under this policy, Microsoft will offer a minimum of ten years of support. This includes five years of Mainstream Support and five years of Extended Support for Business and Developer products. Microsoft will continue to provide security update support, at a supported Service Pack level, for a minimum of ten years through the Extended support phase. For more information about the Microsoft Support Lifecycle, visit http://support.microsoft.com/lifecycle/ or contact your Technical Account Manager.
Additional Resources:
=====================
* Microsoft has created a free monthly e-mail newsletter containing valuable information to help you protect your network. This newsletter provides practical security tips, topical security guidance, useful resources and links, pointers to helpful community resources, and a forum for you to provide feedback and ask security-related questions. You can sign up for the newsletter at:
http://www.microsoft.com/technet/security/secnews/default.mspx
* Microsoft has created a free e-mail notification service that serves as a supplement to the Security Notification Service (this e-mail). The Microsoft Security Notification Service: Comprehensive Version. It provides timely notification of any minor changes or revisions to previously released Microsoft Security Bulletins and Security Advisories. This new service provides notifications that are written for IT professionals and contain technical information about the revisions to security bulletins. To register visit the following Web site:
http://www.microsoft.com/technet/security/bulletin/notify.mspx
* Protect your PC: Microsoft has provided information on how you can help protect your PC at the following locations:
http://www.microsoft.com/security/protect/
If you receive an e-mail that claims to be distributing a Microsoft security update, it is a hoax that may be distributing a virus. Microsoft does not distribute security updates via e-mail. You can learn more about Microsoft's software distribution policies here:
http://www.microsoft.com/technet/security/topics/policy/swdist.mspx
[omitting legal fine print, PGP signature]
To cancel your subscription to this newsletter, reply to this message with the word UNSUBSCRIBE in the Subject line. You can also unsubscribe at the Microsoft.com web site <http://www.microsoft.com/misc/unsubscribe.htm>. You can manage all your Microsoft.com communication preferences at this site.
Legal Information
<http://www.microsoft.com/info/legalinfo/default.mspx>.
This newsletter was sent by the Microsoft Corporation
1 Microsoft Way
Redmond, Washington, USA
98052
------------
PREVIOUS NHNE NEWS LIST ARTICLE:
PATCH FOR MICROSOFT HOLE: TO WAIT OR NOT TO WAIT (1/3/2005):
http://groups.yahoo.com/group/nhnenews/message/10605
FOLLOWUP: WINDOWS PCS FACE 'HUGE' VIRUS THREAT (1/3/2006):
http://groups.yahoo.com/group/nhnenews/message/10601
WINDOWS PCS FACE 'HUGE' VIRUS THREAT (1/2/2006):
http://groups.yahoo.com/group/nhnenews/message/10599
..........
FOR FURTHER INFORMATION:
MICROSOFT SECURITY WEB PAGE:
http://www.microsoft.com/security/default.mspx
MCAFEE VIRUS INFORMATION LIBRARY:
http://vil.nai.com/vil/default.asp
SYMANTEC:
http://www.symantec.com/index.htm
F-SECURE:
http://www.f-secure.com/
SOPHOS:
http://www.sophos.com/
TREND MICRO:
http://www.trendmicro.com/vinfo/
UNIVERSITY OF MARYLAND OIT VIRUS NOTIFICATION PROGRAM (VNP):
http://www.helpdesk.umd.edu/virus/
CERT VIRUS RESOURCES:
http://www.cert.org/other_sources/viruses.html
...........
MCAFEE VIRUS HOAXES:
http://vil.mcafee.com/hoax.asp
SYMANTEC VIRUS HOAXES:
http://www.symantec.com/avcenter/hoax.html
TREND MICRO SCAMS AND HOAXES:
http://www.trendmicro.com/vinfo/hoaxes/default.asp
HOAXBUSTERS:
http://hoaxbusters.ciac.org/
SNOPES (Urban Legends):
http://www.snopes.com/
|
|
 |
|
|
|
|
|
|
|
............
In accordance with Title 17 U.S.C. Section 107, this material is distributed without profit to those who have expressed a prior interest in receiving the included information for research and educational purposes. Unless the information in question has been written and/or published by NHNE, NHNE has no affiliation whatsoever with the originator of this article. NHNE is, therefore, not endorsed or sponsored by the originator, nor does NHNE necessarily endorse, promote, or agree with the content. If you wish to use copyrighted material from this site for purposes of your own that go beyond 'fair use', you must obtain permission from the copyright owner.
|
|
|
|