Date: Fri, January 06, 2006 09:36:44 PM
From: Brian Livingston
Subject: News update from Windows Secrets [Newsletter Comp Version]
Windows Secrets News Update
Issue 66b — 2006.01.06
Editor: Brian Livingston
Circulation: over 145,000

TOP STORY

Install Microsoft's WMF patch

By Brian Livingston

Microsoft released on Jan. 5 an emergency patch, named MS06-001, which corrects Windows' so-called WMF (Windows metafile) vulnerability.

A WMF exploit can silently infect a PC when it merely displays an image in any browser, instant messaging, P2P, e-mail, or in a directory listing in Windows Explorer; when desktop-search applications index an infected image file; and in other ways.

I published a special news update earlier in the week urging readers to install an unofficial patch for this problem. This workaround was also strongly recommended by F-Secure, the SANS Institute's Internet Storm Center (ISC), and several other security sites. Readers should now install the official patch instead, following the steps I describe below.

It's highly unusual for Microsoft to release a patch on a date other than the 2nd Tuesday of each month. In fact, Microsoft had originally announced that it would not release a solution for the WMF hole, which was being actively exploited on the Internet, until Jan. 10.

Microsoft's decision to reverse itself and release the patch out-of-cycle is to be commended. This action reinforces my belief that the WMF hole was so serious that Windows users needed to protect themselves immediately and not wait a week or more for an official Microsoft patch.

The unofficial patch, by Belgian developer Ilfak Guilfanov, was not the only workaround that became available to Windows users in recent days. Microsoft itself suggested in its Dec. 28 security advisory 912840 (which has now been mostly deleted) that users deregister Shimgvw.dll, a vulnerable file. In addition, an unauthorized version of the MS06-001 patch was leaked on some Web sites.

I recommend that individual PC users take the following steps. The procedure I describe below helps you install the official Microsoft patch without problems, regardless of which of the above workarounds, if any, you used. (Information for corporations on scripting patches to install them across a network is available from the ISC.)

Step 1. Reboot your PC. This will remove any infected images that may remain in your PC's memory.

Step 2. Uninstall the leaked MS06-001 patch, if you installed it. The leaked patch is detected by Windows Update and may interfere with installing the official patch.

Step 3. Run Microsoft Update. Install MS06-001 and any other critical patches you may need. If you haven't yet upgraded from Windows Update (WU) to the newer Microsoft Update (MU), you may use WU. But I recommend that you upgrade to MU when WU suggests you do so. MU updates Microsoft Office and other apps as well as Windows.

Step 4. Re-register Shimgvw.dll, if you deregistered it. Complete information on deregistering this file is contained in Microsoft security bulletin MS06-001, in the Workarounds portion of the Vulnerability Details section. To re-register the file, run the same command but leave out the -u and the space after it.

Step 5. Uninstall the unofficial Guilfanov patch, if you installed it. The developer himself and several other experts have confirmed that his patch does not need to be removed before installing Microsoft's official patch, which rewrites files on disk. After installing MS06-001, there is no need for the Guilfanov patch. It fixes the DLL in memory, which is no longer necessary, and his patch should be removed.

Printing problems were reported with some older Windows programs; these issues appear to be related to the DLL file being deregistered. The problems will probably (but not necessarily) be cured by installing MS06-001 and re-registering the DLL, as explained by the ISC.

For more information about the WMF situation, the ISC has published a detailed FAQ. Some details are now out of date due to the release of Microsoft's official patch. Also, a useful interview with developer Guilfanov has been published by Securiteam.

We'll have extensive information on the WMF problem, the various fixes, and any negative side effects in the paid version of our regular Jan. 12 newsletter.
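Step 4 written out as a batch file for cmd.exe. This is an added example, not part of the original newsletter; the deregistration command shown in the comment is the one from Microsoft's workaround, and the /s switch, the file-existence check and the exit-code check are additions made here.

```batch
@echo off
rem Added example: re-register the Windows Picture and Fax Viewer DLL (Step 4).
rem Run this only after MS06-001 has been installed (Step 3).
rem
rem The workaround deregistered the DLL with:
rem     regsvr32 -u %windir%\system32\shimgvw.dll
rem Re-registering is the same command without "-u ".

set "DLL=%windir%\system32\shimgvw.dll"

if not exist "%DLL%" (
    echo "%DLL%" was not found, so there is nothing to re-register.
    exit /b 1
)

rem /s suppresses the confirmation dialog so the result is reported
rem through the exit code instead of a message box.
regsvr32 /s "%DLL%"
if errorlevel 1 (
    echo Re-registration failed. Log on with an administrator account and try again.
    exit /b 1
)

echo Shimgvw.dll has been re-registered.
exit /b 0
```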
Please update your postal code

The Windows Secrets Newsletter will begin to include local information, based on each subscriber's ZIP or postal code, within the next few issues.

After we announced this in our Jan. 4 news update, more than 14,000 of our readers updated their preferences page to enter the correct code. We'll have a report on the general location of our readers around the world in an upcoming issue.

Please check the following information that's in our data base and enter your postal code, if it's blank or incorrect:

Your ZIP or postal code: [enter postal code]

We'll have complete information about the kinds of location-specific features that will be in the newsletter as soon as we're able to release these details.

If you saw an error page when you tried to update your postal code on Jan. 4, please try again. This error was caught and fixed. Thanks for your help.

—Brian Livingston, Editor

Next regular issue will be Jan. 12

Today's e-mail message is a short news update. Our next regular issue will be published according to our usual twice-a-month schedule on Jan. 12. That's two days after Microsoft Patch Tuesday, when new Windows patches are usually released.

News updates don't include our usual columnists, our Wacky Web Week feature, or other sections. A news update also has no free version and no paid version; it's all the same message.
FORWARDING INSTRUCTIONS

Please share this information with your friends

You're encouraged to refer your friends and colleagues to this free newsletter. Because most e-mail programs don't correctly display a formatted message that's been forwarded, simply call people's attention to the permanent Web address of this issue: WindowsSecrets.com/comp/060106.
ABOUT YOUR SUBSCRIPTION

The Windows Secrets Newsletter is published twice a month on alternating Thursdays. Issues appear 2 days and 16 days after Microsoft Patch Tuesday (the 2nd Tuesday of each month). Only the first issue of the month is published in August and December to allow vacation breaks. A short "news update" is sometimes published between regular newsletters.

Publisher: WindowsSecrets.com LLC, 300 Queen Anne Ave. N. #456, Seattle, WA 98109 USA.
Editor: Brian Livingston.
Contributing Editors: Susan Bradley, Woody Leonhard, Chris Mosby, Ryan Russell.
Research Director: Vickie Stevens.
Program Director: Brent Scheffler.