- Samuel's Blog - https://samuelgordonstewart.com -

Microsoft release WMF patch

As you would probably be aware by now, Microsoft have released a patch for the WMF exploit [1]. Microsoft have only released the patch for Windows 2000, XP and Server 2003, if you’re using another version of Windows then you’re out of luck for now, but Steve Gibson from grc.com [2] has said that he may explore writing a patch for the unpatched versions of Windows. Steve, incidentally, helped in the development of the unofficial patch written by Ilfak Guilfanov [3].

To download the patch from Microsoft, visit http://www.microsoft.com/technet/security/Bulletin/MS06-001.mspx [4] and follow their links, or run Windows Update.

To establish if you are vulnerable to the WMF exploit, you can download this WMF file [5] (thanks to the Internet Storm Centre [6]). Download it to your desktop and open it, if you are vulnerable the calculator will open and possibly crash Windows Explorer or whatever program you open it with, this WMF file will not harm your system. If you open it and the calculator doesn’t open, then you are safe. Upon further inspection I have discovered that Norton Anti-Virus detects it as “Bloodhound.Exploit.56” (it’s name for the WMF exploit) and claims that it cannot repair the file. If you are running anti-virus software you might not be able to test the file.

Samuel