Buck Naked
Senior member
- Jun 29, 2005
- 706
- 0
- 0
Originally posted by: theman
what exactly does the unofficial patch look like in add/remove programs?
Originally posted by: STaSh
Microsoft is releasing the patch for this vulnerability TODAY at 2pm EST.
Originally posted by: conjur
Originally posted by: STaSh
Microsoft is releasing the patch for this vulnerability TODAY at 2pm EST.
http://www.microsoft.com/downloads/deta...-499E-B89B-215B7BB4D8E9&displaylang=en
Would that be Security Update for Windows XP(KB912919) ? For regular user, do I apply this patch or not?
Originally posted by: mechBgon
Here's a relevant article talking about which antivirus companies are doing best at detection right now: http://blog.ziffdavis.com/seltzer/archive/2006/01/04/39774.aspx If a .WMF exploit file is on your drive, it may get picked up. If the payload is on your drive, it may get picked up.
Posted @ 1/5/2006 8:20 AM
I received today this up-to-date information from Trend Micro:
MOST IMPORTANT: Out of 214 WMF exploit samples received today, Trend Micro detect 214
Specifically or generically; using the latest pattern (3.145.00) and engine (8.xxx) files.
Trend Micro generic detections:
- EXPL_WMF.GEN
- TROJ_NASCENE.GEN
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_NASCENE.GEN
IMPORTANT: The generic pattern/detection for the WMF bug (and for other generic patterns as well) does not rely on the filename (of the file). For the WMF exploit, Trend Micro has parsing routines to identify the WMF file, and then go to the exploit part and then detect it. So even if the WMF file has been renamed, Trend Micro can still detect it.