Friday, January 06, 2006

Microsoft patches .wmf vulnerablity

Microsoft has made a patch available for the .wmf vulnerablity. The patch was release yesterday after finishing testing, which was ahead of schedule. Their (MS) monthly patch will be out next tuesday. Mike Nash Corporate Vice President responsible for security at Microsoft wrote in the team blog that the decision to release ahead of schedule was driven by talking to customers and that they had indicated a preference to have the patch available out of cycle. Customers with automatic update turned on will automatically receive the update. At an enterprise level, Nash advised putting the patch through exactly the same testing procedures run on any security update before rolling it out. More information can be found on their website.

However, GRC.com put out a temporary patch to help protect Windows users from the exploitation of the WMF vulnerability. You can apply either patches, Do the GRC.com patch then microsoft's or just not update at all.

No comments: