I restored the old configuration and the blog will continue its normal operation now. The hotfix can not be downloaded from the site anymore but its source code is still available.
Thank you all for the support! I’d like to say thank you once more to the guys who mirrored the files!
P.S. Next week we will talk about some decompilation problems.
Team
- Ilfak Guilfanov
- Elias Bachaalany
- Igor Skochinsky
- Daniel Pistelli
The IDA Pro Book (2nd Ed)
-
Recent Posts
Recent Comments
- tank on The trace replayer
- Ilfak Guilfanov on IDA Pro, Python and Qt
- Isaac S on IDA Pro, Python and Qt
- Daniel on The trace replayer
- joxean on The trace replayer
Categories
Archives
- April 2012
- January 2012
- October 2011
- September 2011
- August 2011
- July 2011
- May 2011
- April 2011
- February 2011
- January 2011
- December 2010
- October 2010
- August 2010
- July 2010
- June 2010
- May 2010
- April 2010
- March 2010
- February 2010
- January 2010
- November 2009
- October 2009
- September 2009
- August 2009
- July 2009
- June 2009
- May 2009
- April 2009
- February 2009
- January 2009
- November 2008
- October 2008
- September 2008
- August 2008
- July 2008
- June 2008
- April 2008
- March 2008
- February 2008
- January 2008
- November 2007
- October 2007
- September 2007
- August 2007
- June 2007
- May 2007
- April 2007
- March 2007
- February 2007
- January 2007
- December 2006
- October 2006
- September 2006
- August 2006
- June 2006
- May 2006
- April 2006
- March 2006
- February 2006
- January 2006
- December 2005
- November 2005
- October 2005
Could you please make a Win 95/98/ME WMF patch since Microsoft won’t? There are millions of machines still vulnerable due to Microsoft’s reluctance to support their earlier versions.
Thanks!
Unfortunately I do not have a Windows98 machine. It is impossible for me to create a fix without it. Second, while the vulnerability exists, it seems to be much less exposed. Thanks for understanding.
looks, that you will have some additional work there
http://www.securityfocus.com/bid/16167
ilfak
I installed your patch and found it prevented me from using the MS fax and picture viewer. I just changed the file association to another program. I just installed the “official” MS fix and would like to be able to use the MS Fax and Picture viewer. Is there some way to uninstall your patch?
Yes, the hotfix comes with an uninstaller. You can uninstall it from the Add/Remove Programs window. It will be listed as “Windows Metafile Hotfix”
The hotfix does not disable the Fax and Picture viewer. To be able to use the viewer you will need to restore the original setting for the file assiciation.
To learn about alternative methods of uninstalling the patch, I recommend you to read a nice and comprehensive FAQ from CastleCops:
http://castlecops.com/a6445-WMF_Exploit_FAQ.html
Hi! It looks like there are 2 new WMF vulnerabilities that have been reported. Microsoft has poo-pooed them away, but it is an exploit that can be used to 100% crash a windows machine every time with a BSOD with an error message that doesnt match what happened. Any possibility either (a) your patch already blocks that threat or (b) you will work on a fix for that?
Hi Ilfak,
My name is Benny. I have a business proposition for you. Would you consider it? Please send me an e-mail.
Thank you..
Welcome back Ilfak!
welcome back its been too long
Ever since I installed the “hotfix”, deregistered shimgvw.dll, then registered shimgvw.dll and undid the hotfix and installed the MS fix, I cannot send email from MS Outlook. Any ideas?
At first sight it looks like a problem not linked to the patch or hotfix. They modify the graphical subsystem which displays things on the screen but nothing network or mail related. I’d recommend you to verify the mail settings with your provider.
Thank you for coming out with a fix. Its wonderful to see someone who is more concerned with computer security than profits or schedules and has the courage to pick up the ball after Microsoft has dropped it.
normal operation?
Sir, your blog looks like total shit on a 1920×1200 screen. I realize that you being a russian citizen can’t afford a screen wider than 640×480, but us capitalist americans have no problem buying new hardware. To see what i’m talking about, view http://pihost.us/~dj28/narrow.PNG
Thanks.
Wide text is difficult to read. Empty spaces to the left and right of the text could be filled by advertisement blocks but I do not use ads on the site.
Here is a link for your perusal:
http://www.outfront.net/tutorials_02/design/text_design.htm
Is it possible to specify the width in inches/cm rather than pixels, so that the centre column is a readable width for all users, regardless of resolution? (Assuming that the browser/OS combo knows the dpi of the screen, of course, and that smug people with huge monitors don’t sit much further away from them <g>)
First off, thanks a bunch for doing the right thing and releasing a patch, your efforts probably resulted in preventing a lot of people a lot of pain.
. Thanks a bunch, see ya next outbreak!
I deployed it where I work without issue, and I know that some one here would have gotten infected if that patch had not gotten out.
Now on to the next flaw, do ya know anybody working on the BlackWorm LAN exploit vector?
-charles
I too would like to be able to download
the patch for 95/98/ME, as my wife is running
98 on her old-but-still-good machine.
–dave