IT-DISCUSS Archives

January 2006

IT-DISCUSS@LIST.UVM.EDU

Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
From:
Keith Kennedy <[log in to unmask]>
Reply To:
Technology Discussion at UVM <[log in to unmask]>
Date:
Tue, 3 Jan 2006 07:44:49 -0500
Content-Type:
text/plain
Parts/Attachments:
text/plain (86 lines)
Hi Alison,

CIT does NOT support applying this "unofficial" patch.
Evaluating the effectiveness of this patch, and making sure no harm is 
done is a complex task.
Here's Microsoft's latest news. They have a fix they are testing. They 
plan to release it Jan 10th.

From:
http://www.microsoft.com/technet/security/advisory/912840.mspx

...
Microsoft has completed development of the security update for the 
vulnerability. The security update is now being localized and tested to 
ensure quality and application compatibility. Microsoft’s goal is to 
release the update on Tuesday, January 10, 2006, as part of its monthly 
release of security bulletins. This release is predicated on successful 
completion of quality testing.

The update will be released worldwide simultaneously in 23 languages for 
all affected versions of Windows once it passes a series of rigorous 
testing procedures. It will be available on Microsoft’s Download Center, 
as well as through Microsoft Update and Windows Update. Customers who 
use Windows’ Automatic Updates feature will be delivered the fix 
automatically.

Based on strong customer feedback, all Microsoft’s security updates must 
pass a series of quality tests, including testing by third parties, to 
assure customers that they can be deployed effectively in all languages 
and for all versions of the Windows platform with minimum down time.

Microsoft has been carefully monitoring the attempted exploitation of 
the WMF vulnerability since it became public last week, through its own 
forensic capabilities and through partnerships within the industry and 
law enforcement. Although the issue is serious and malicious attacks are 
being attempted, Microsoft’s intelligence sources indicate that the 
scope of the attacks are not widespread.

...


Alison M Pechenick wrote:

> has sent you a story from Computerworld.com,
>and would like you to read it!
>_______________________________________________________________________
>
>Following on Stefanie's message...
>
>Happy New Year to all,
>
>Alison
>	
>	
>WMF FLAW CAN'T WAIT FOR MICROSOFT FIX, RESEARCHERS SAY
>
>Security researchers are telling Windows users to install an unofficial patch without waiting for Microsoft to react to a new wave of attacks on a flaw in how the Windows OS handles malicious files in the Windows Metafile format.
>http://www.computerworld.com/securitytopics/security/holes/story/0,10801,107420,00.html
>
>Click on the link or copy and paste it into your browser
>to view the story forwarded to you from Computerworld.com.
>
> 
>
>
>
>_______________________________________________________________________
>
>THE COMPUTERWORLD STORE: REPORTS, WHITE PAPERS AND MORE
>Visit the Computerworld Store online, where you can get clear, 
>comprehensive reports on Security, Storage, ROI and more. 
>Find the information you need to get your job done. 
>New reports are added regularly.
>https://store.computerworld.com
>
>_______________________________________________________________________
>
>COMPUTERWORLD ONLINE:
>Get all the latest IT news and analysis by visiting the Computerworld Web site at http://www.computerworld.com
>
>News headlines: http://www.computerworld.com/news/headlines
>Knowledge Centers: http://www.computerworld.com/topics/
>Discussion forums: http://cwforums.computerworld.com
>  
>

ATOM RSS1 RSS2