Home     Articles     SBS Show     Vladfire     About     Links     Contact     Wiki     RSS2 Feed    

AJAXify your Wordpress

Learn how I ajaxified my wordpress blog with these few steps...

SBS Show!

Listen to the latest episode of the SBS Show, Dave Sobel talks about process management...

Vladville Newsletter!

Looking for a more focused, exclusive insight into the world of SMB tech & business? Sign up for my newsletter!

Patch for WMF exploits
Posted: 3:58 pm
December 31st, 2005 		Post a comment
Security

I'm sorry to interrupt your New Years plans but there is now a patch available to stop the exploit of WMF (and all the other images processed by the vulnerable shimgvw.dll library). It is made public, along with the source code, by Ilfak Guilfanov who is a very popular decompilation expert. http://www.hexblog.com/2005/12/wmf_vuln.html Should you patch? Yes, immediately. Even if you've blocked WMF files at the firewall and everything else is up to date there is now a first worm running in the wild under the file xmas-2006 FUNNY.jpg so exercise caution and start patching.

You can leave a response, or trackback from your own site.

6 Comments

cindy s | December 31st, 2005 at 5:14 pm

Dear Vlad,

Thank you so much for your help with this. I have been following your WMF updates every day and every day I feel more secure by following your advice.

You have helped my company stay more secure than any of the vendors we send more than $1000/year to.

Been reading this site for a while, I just wanted to wish you a happy new year and thank you for helping me.

New Years Resolution: I want to be like Vlad.



Anonymous | December 31st, 2005 at 5:42 pm

I love your pre-emptive posts. Even though anti-virus/spyware can detect these there is nothing like patching so it doesn’t become a problem in the first place. What a novel concept! Beats the “just sit on your hands” message from Microsoft.



Anne Fields | December 31st, 2005 at 7:35 pm

Happy New Year! Another day, another Vlad-to-the-rescue post.

We love you guy, thank you for doing all that you do.



JenMeiners | December 31st, 2005 at 11:25 pm

Happy New Year ;) Thanks for the patch. It speaks to the power of the SBS leaders that are able to get stuff not available through the main channels.



ScottC | January 1st, 2006 at 12:34 am

First comment of 2006!

Happy new year guy!



sarahintampa.com | January 6th, 2006 at 4:55 pm

…and thanks for the list of URLs to block!



Leave a Reply

OpenID

Anonymous

Whats on Vlad's Mind?

Sponsors:
This blog is made possible by Own Web Now Corp and ExchangeDefender. If you like this blog and are in the need of products we offer I hope you give us some consideration.

Get The Newsletter

Twitter

Vladfire Vlog

Divider


SBS Show Podcast
 

Categories

  

Archives

  

About
Divider Divider