Skip to main content

Download the Official Microsoft patch for WMF flaw

Due to a major security hole in WMF files, your computer could be infected with viruses, spyware or other malicious programs just by viewing a Web page, an e-mail message, or an Instant Message that contains one of the contaminated images. The problem has existed for years, but its discovery was publicly announced in late December 2005.

In a somewhat unusual development, an unofficial, third-party patch was posted on the Web several days before Microsoft's official fix.

Microsoft has finally released a official patch for the Windows WMF (Windows Meta File) Graphics Rendering Engine vulnerability that left millions of PCs open to viruses, spyware.
Microsoft originally planned to release the update on Tuesday, January 10, 2006 as part of its regular monthly release of security bulletins, once testing for quality and application compatibility was complete. However, testing has been completed earlier than anticipated and the update is ready for release. In addition, Microsoft is releasing the update early in response to strong customer sentiment that the release should be made available as soon as possible.
Microsoft did not release a WMF patch for Windows 98, Windows 98 Second Edition, or Windows Millennium Edition.

Download WMF patch for Microsoft Windows XP SP2 (may require WGA)
windowsxp-kb912919-x86-enu.exe
Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP Professional x64 Edition
Microsoft Windows Server 2003

The change introduced to address this vulnerability removes the support for the SETABORTPROC record type from the META_ESCAPE record in a WMF image. This update does not remove support for ABORTPROC functions registered by application SetAbortProc() API calls.

The WMF vulnerability applies to all versions of Windows from 98 onward, Microsoft XP Pro, Microsoft XP Home, Microsoft Windows Server 2003 Datacenter Edition, Microsoft Windows Server 2003 Enterprise Edition and Microsoft Windows Server 2003 Standard Edition.

Microsoft will also release an updated version of its malicious-code-removal tool on Tuesday as part of its monthly security updates.

Security Update for Windows XP (KB912919)

Microsoft Security Bulletin MS06-001

Popular posts from this blog

How to Download Contacts from Facebook To Outlook Address Book

Facebook users are not too pleased with the "walled garden" approach of Facebook. The reason is simple - while you can easily import your Outlook address book and GMail contacts into Facebook, the reverse path is closed. There's no "official" way to export your Facebook friends email addresses or contact phone numbers out as a CSV file so that you can sync the contacts data with Outlook, GMail or your BlackBerry. Some third-party Facebook hacks like "Facebook Sync" (for Mac) and "Facebook Downloader" (for Windows) did allow you to download your Facebook friends' names, emails, mobile phone number and profile photo to the desktop but they were quickly removed for violation of Facebook Terms of Use. How to Download Contacts from Facebook There are still some options to take Friends data outside the walls of Facebook wall. Facebook offers the Takeout option allowing you to download all Facebook data locally to the disk (include

PhishTank Detects Phishing Websites by Digg Style Voting

OpenDNS, a free service that helps anyone surf the Internet faster with a simple DNS tweak , will announce PhishTank today. PhishTank is a free public database of phishing URLs where anyone can submit their phishes via email or through the website. The submissions are verified by the other community members who then vote for the suspected site. This is such a neat idea as sites can be categorized just based on user feedback without even having to manually verify each and every submission. PhishTank employs the "feedback loop" mechanism where users will be kept updated with the status' of the phish they submit either via email alerts or a personal RSS feed . Naturally, once the PhishTank databases grows, other sites can harness the data using open APIs which will remain free. OpenDNS would also use this data to improve their existing phishing detection algorithms which are already very impressive and efficient. PhishTank | PhishTank Blog [Thanks Allison] Related: Google

Digital Inspiration

Digital Inspiration is a popular tech blog by  Amit Agarwal . Our popular Google Scripts include  Gmail Mail Merge  (send personalized emails with Gmail ),  Document Studio (generate PDFs from Google Forms ) and   File Upload Forms ( receive files  in Google Drive). Also see  Reverse Image Mobile Search , Online Speech Recognition and Website Screenshots , the most useful websites on the Internet.