More info. This seems pretty reasonable:
http://castlecops.com/a6445-WMF_Exploit_FAQ.html

Steve Gibson is also mirroring Guilfanov's bypass, and says Microsoft's cryptographically signed but unreleased patch is floating around the net now:
http://www.grc.com/sn/notes-020.htm

In my reading this is a serious vulnerability, but the self-inflating agitation in the "security community" has reached a highly annoying level. I'm in the FTDT (fix the damn thing) school; let's deal with it and get on with it. Every cycle spent moaning about the faults of Microsoft is a lost opportunity for something more productive.

Back to /usr/lurk . . .

regards,
Fred

-----------------
On Wed, 4 Jan 2006, Brance Amussen wrote:
Howdy,

Here is the link to the unofficial patch creator's site: http://www.hexblog.com/

This is the one SANS links to. SANS seems to be having a hard day.. No DShield mailings today either.. isc.sans.org is sporadic as well..
According to isc.sans.org, hexblog.com was down due to bandwidth issues earlier. See the isc.sans.org homepage for details on alternate ways to get to it.