| Konu: |
Yazar: |
Zaman: |
|
|
|
Aziz Bilgili
|
30.12.2005 10:21
|
|
| Mcafee Kullanıcıları için:
Mcafee nin extra.dat file ının manuel olarak indirilmesini ve dat ın geçilmesi gerekmekte.
http://vil.mcafeesecurity.com/vil/content/v_137760.htm
*** İlgili açık için Micrasoft Patch çıkartana kadar aşağıdaki yöntem tavsiye edilmektedir.
Microsoft's bulletin confirms that this vulnerability applies to all the main versions of Windows: Windows ME, Windows 2000, Windows XP and Windows 2003.
They also list the REGSVR32 workaround. It's a good idea to use this while waiting for a patch. To quote Microsoft's bulletin:
Un-register the Windows Picture and Fax Viewer (Shimgvw.dll)
1. Click Start, click Run, type "regsvr32 -u %windir%\system32\shimgvw.dll"
(without the quotation marks), and then click OK.
2. A dialog box appears to confirm that the un-registration process has succeeded.
Click OK to close the dialog box.
Impact of Workaround: The Windows Picture and Fax Viewer will no longer be started
when users click on a link to an image type that is associated with the Windows Picture and Fax Viewer.
Kaynak:
http://www.f-secure.com/weblog/
@ziz Bilgili
|
|
|
Sir Vivor
|
04.01.2006 03:18
|
|
| F-secure sitesinde daha sonraki yazılarda @ziz arkadaşımızın yazdığı önerinin tamamen açığı kapatmadığını söylüyorlar. Örnek olarak MSPAINT'in açıktan halen etkilendiğini ve Ilfak'ın (respect!) hazırladığı fix'i öneriyorlar:
http://www.f-secure.com/weblog/archives/archive-122005.html#00000756
Internet Storm Center'da aynı çözümü öneriyor:
http://isc.sans.org/diary.php?rss&storyid=996
10 Ocak'da yama çıkana kadar geçici olarak bu şekilde koruma sağlanabilir.
http://www.hexblog.com/2005/12/wmf_vuln.html
> use this while waiting for a patch. To quote Microsoft's
> bulletin:
> Un-register the Windows Picture and Fax Viewer
> (Shimgvw.dll)
> 1. Click Start, click Run, type "regsvr32 -u
> %windir%\system32\shimgvw.dll"
> (without the quotation marks), and then click OK.
> 2. A dialog box appears to confirm that the
> un-registration process has succeeded.
> Click OK to close the dialog box.
> Impact of Workaround: The Windows Picture and Fax Viewer
> will no longer be started
> when users click on a link to an image type that is
> associated with the Windows Picture and Fax Viewer.
>
> Kaynak:
> http://www.f-secure.com/weblog/
>
>
> @ziz Bilgili |
|
|
Murat Asan
|
04.01.2006 16:10
|
|
|
http://www.hexblog.com/2005/12/wmf_vuln.html
yukarıdaki site forbidden hatası veriyor.başka bir siteden bu dosyayı alamazmıyız??
|
|
|
Sir Vivor
|
04.01.2006 17:51
|
|
| The hotfix for the WMF vulnerability can be downloaded from any the following URLs:
http://www.grc.com/miscfiles/wmffix_hexblog14.exe
http://handlers.sans.org/tliston/wmffix_hexblog14.exe
http://castlecops.com/modules.php?name=Downloads&d_op=getit&lid=496
http://csc.sunbelt-software.com/wmf/wmffix_hexblog14.exe
http://www.antisource.com/download/wmffix_hexblog14.exe
http://hexblog.axmo12.de/wmffix_hexblog14.exe
http://www.dsinet.org/files/wmffix_hexblog14.exe
http://lab.nsl.it/wmffix_hexblog14.exe
The MD5 checksum of the file is 15f0a36ea33f39c1bcf5a98e51d4f4f6.
>
> http://www.hexblog.com/2005/12/wmf_vuln.html
>
> yukarıdaki site forbidden hatası veriyor.başka bir siteden
> bu dosyayı alamazmıyız??
>
>
|
Microsoft Windows WM
