 |
Pegasus3d.com
Discussions on multiple topics, open to all
|
| View previous topic :: View next topic |
| Author |
Message |
Jay
Ex OSYer
Captain
Joined: 09 May 2003
Posts: 1589
|
 Posted: Tue Jan 03, 2006 8:57 am Post subject: The pool is now open... how long will it take to fix it? |
 |
|
I'm sure you've all heard about this particular issue on Windows systems involving WMF files. Apparently the problem affects Windows installations all the way back to Windows 3.0:
| Quote: |
| A newly-reported flaw in the way Windows handles images was successfully exploited over the New Year's weekend, and no official patch is yet available from Microsoft. The problem stems from the way that Windows deals with .WMF (Windows Metafile) images; a maliciously crafted image can execute code on any Windows system, including XP SP2. All that's required to trip the payload is viewing a .WMF image locally or on the web. An e-mail titled "Happy New Year" is already making the rounds with an attachment labeled "HappyNewYear.jpg" that is really a disguised .WMF image. Trusted web sites are also capable of being compromised. The Internet Storm Center reports that knoppix-std.org was compromised by the addition of a frame that redirected browsers to a malicious .WMF file. |
Typically I'm not one to point the finger at MS over a security issue, considering the prevalence of such issues across the spectrum - but in this case I find myself hard-pressed to defend MS here. I mean really this bug has been in their software 15 years and despite the fact that its only been publically disclosed for about a week, given the fact that a real exploit(s) and a virus are already exploiting the hole, an official MS patch for 2003/XP would be appreciated.
I've got some of our clients installing the unofficial patch that is out there... but honestly that really was a hard decision to make. It was only the potential for massive exploitation that pushed me to install an unofficial patch for the issue. How are the rest of you handling this issue? From my perspective it seems impossible to ignore but the options I have on the table are very limited indeed...
|
|
| Back to top |
|
 |
MasterOfTheHat
Commander
Joined: 11 Aug 2004
Posts: 794
Location: In a galaxy far, far, far, far, really really far away...
|
| Posted: Tue Jan 03, 2006 9:56 am Post subject: |
|
|
If it's that big of an exploit, a hotfix will have to be coming soon... Don't these people have lives? Or do they just sit around all day trying to find little holes in software?
EDIT: Well, here's what we're doing about it until a hotfix is in place: http://vil.nai.com/vil/content/v_137760.htm
_________________
For my fellow OSYers - You know you're addicted to programming when:"The people you respect most you have never physically seen or spoken to, but you always bow to their knowledge."
*Quantum physics texts are an excellent source of 100% of the recommended daily alowance of "WTF!?!" - HitScan
support.microsoft's cause for a 0x0000007f STOP error:
"• Your computer has hardware or software problems. "
|
|
| Back to top |
|
|
Jay
Ex OSYer
Captain
Joined: 09 May 2003
Posts: 1589
|
| Posted: Tue Jan 03, 2006 11:43 am Post subject: |
|
|
The Internet Storm Center is responding slowly, but here is what they have regarding a hotfix:
| Quote: |
'Microsoft has completed development of the security update for the vulnerability. The security update is now being localized and tested to ensure quality and application compatibility. Microsoft's goal is to release the update on Tuesday, January 10, 2006, as part of its monthly release of security bulletins. This release is predicated on successful completion of quality testing.
The update will be released worldwide simultaneously in 23 languages for all affected versions of Windows once it passes a series of rigorous testing procedures. It will be available on Microsoft's Download Center, as well as through Microsoft Update and Windows Update. Customers who use Windows' Automatic Updates feature will be delivered the fix automatically. |
Honestly I know I'm going to take some heat for saying this: But January 10th isn't soon enough. Not with a virus and easy to build exploitation tools already in the wild. I suspect there will be many many many machines infected with a virus that spreads itself via this security hole by the end of the week.
|
|
| Back to top |
|
|
Jeremy Reimer
King of Canada
1st Lord of the Admiralty
Joined: 01 Aug 2002
Posts: 7833
Location: 789-M
|
| Posted: Tue Jan 03, 2006 12:56 pm Post subject: |
|
|
Yeah, that's pretty bad, and just after we got finished with a discussion about how there haven't really been any major 0-day Windows exploits...
Has anyone been hit by this thing yet? What does it do?
_________________
"Those afraid of the universe as it really is, those who pretend to nonexistent knowledge and envision a Cosmos centered on human beings will prefer the fleeting comforts of superstition. They avoid rather than confront the world. But those with the courage to explore the weave and structure of the Cosmos, even where it differs profoundly from their wishes and prejudices, will penetrate its deepest mysteries."
-- Carl Sagan
"Its not a rule. Its just something I noticed. Several of us have more than one sig." - Mord
"No, you are a troll, and I should have never let you back to Ars in after the first 16,000 bannings." - Caesar, to He Who Shall Not Be Named
|
|
| Back to top |
|
|
Jay
Ex OSYer
Captain
Joined: 09 May 2003
Posts: 1589
|
| Posted: Tue Jan 03, 2006 1:47 pm Post subject: |
|
|
Apparently the guys at the ISC are little annoyed about the January 10th response (which as they note below happens to fall right into MS' standard patch release cycle). Parental Discretion is advised:
| Quote: |
"Although the issue is serious and malicious attacks are being attempted, Microsoft's intelligence sources indicate that the scope of the attacks are not widespread."
- Microsoft Security Advisory (912840)
"...Microsoft's intelligence sources..."?!?
Go ahead and laugh. I'll wait.
Through? O.K.
While all of the rest of us were sleeping, it appears that the propeller-heads working on Billy Wonka's Official Microsoft Research and Development Team have been hard at work creating a crystal ball capable of foretelling the future. The only problem: it appears that they made it from rose-colored crystal.
In their rosy vision of the future, over the next seven days, nothing bad is going to happen. The fact that there are point-n-click toolz to build malicious WMFs chock full o' whatever badness the kiddiez can cook up doesn't exist in that future. The merry, lil' Redmond Oompa Loompas are chanting "Our patch isn't ready / you have to wait / so keep antivirus / up-to-date" which makes perfectly accurate, current AV signatures appear on every Windows computer - even those with no antivirus software.
The future, according to Microsoft, is a wonderful, safe, chocolaty place.
And why not? Everything just seems to work out for them!
Imagine! You have tons and tons of work to do! Even now, the Oompa Loompas are hard at work out in Redmond, simultaneously regression-testing and translating Microsoft's WMF patch into Swahili and Urdu. And, somehow, as if by magic, all of this work will wind down at precisely the right moment so that the WMF patch doesn't have to be released "out of cycle." How convenient! Especially if you're wanting to avoid all of that nasty "Microsoft Releases Emergency Patch" publicity.
And remember, if something bad does happen to you during the next seven days, Billy Wonka and his Magic Metafiles aren't to blame. You are!
"Customers who follow safe browsing best practices are not likely to be compromised by any exploitation of the WMF vulnerability. Users should take care not to visit unfamiliar or un-trusted Web sites that could potentially host the malicious code."
Why are you visiting places on the web you've never been before? Restrict your browsing to safe places, and everything will be just fine. 'Cause no one could ever put a bad graphic file on a place you trust. |
If it wasn't for the seriousness of the situation, I do believe I would've fallen out of my chair laughing over that piece of text.....
|
|
| Back to top |
|
|
Magus
Tolkien Loremaster
Vice Admiral
Joined: 17 Aug 2001
Posts: 9521
Location: On the Stairway to Heaven.
|
| Posted: Tue Jan 03, 2006 2:00 pm Post subject: |
|
|
1) This is obscure as all hell, so I don't blame them for not finding it before. Considering it also took the assholes who delight in fucking things up fifteen years to find...
2) For email, the rules haven't changed. For the love of God, don't open attachments in strange emails.
3) January 10th is a bit far off, but I'd hope that's only a padded estimate. I'd rather have a patch that absolutely works than a half-assed attempt that could introduce even more problems.
And now, I'll listen once again to claims that I'm an MS zealot. 
_________________
<Paolo|Work> anything that has to do with Java is by definition stupid
1 The Network is my domain, I shall not want; 2 though it makes me wait upon collision, it leads me to the Internet; 3 it restores my connection. It leads me in paths of hypertext transfer for google's sake. 4 Even though I walk through the valley of the shadow of power failures, I fear no data corruption; for backups art with me; thy UPS and thy status light, they comfort me. 5 Thou preparest a firewall before me in the presence of my enemies; thou anointest my CD-R with BurnProof, my buffer never underflows. 6 Surely good deals and pr0n shall follow me all the days of my life; and I shall dwell in the house of the Datacenter for ever.
-HitScan
Wilde is a 4' chinese man in a bright pink tutu, lime green pimp hat with peacock feathers, and a purple feather boa, wearing tissue stuffed snakeskin combat boots, holding a gun bigger than he is, smoking a cigarette in the parking garage, trying to look menacing while pouting and head banging to Godsmack I stand alone |
|
| Back to top |
|
|
Jay
Ex OSYer
Captain
Joined: 09 May 2003
Posts: 1589
|
| Posted: Tue Jan 03, 2006 2:39 pm Post subject: |
|
|
| Magus wrote: |
| 1) This is obscure as all hell, so I don't blame them for not finding it before. Considering it also took the assholes who delight in fucking things up fifteen years to find... |
Agreed.
| Magus wrote: |
| 2) For email, the rules haven't changed. For the love of God, don't open attachments in strange emails. |
How about inline jpg and gif images that are actually wmfs containing a payload? Not quite so simple there.... Not to mention the attached wmf file can have a jpg (whatever) extension as Windows apparently uses some magic byte system to determine whether or not it is really a wmf file.
| Magus wrote: |
| 3) January 10th is a bit far off, but I'd hope that's only a padded estimate. I'd rather have a patch that absolutely works than a half-assed attempt that could introduce even more problems. |
All indications are that the unofficial patch works just fine for XP/2003 machines. If some guy who we've never heard of before can throw together a patch that just works across multiple versions of windows, why can't Microsoft? I realize that if they did this, the standard "at your own risk" boilerplate applies, but this is a big deal and the fact they are waiting until their normal patch release cycle to put a fix for this out there reeks of "not taking this seriously".
| Magus wrote: |
| And now, I'll listen once again to claims that I'm an MS zealot. |
I wouldn't say that... you just have a different viewpoint on this than myself  There is nothing wrong with that at all.
|
|
| Back to top |
|
|
FondueDaredevil
Linux Looney
Rear Admiral
Joined: 12 Jul 2002
Posts: 5381
Location: My name is Elmer J Fudd, millionaire. I own a mansion and a yacht.
|
| Posted: Tue Jan 03, 2006 3:32 pm Post subject: |
|
|
Countdown to CNN.com or some other major media outlet posting a compromised image on one of their pages....
_________________
"Our products just aren't engineered for security."
- Brian Valentine, Senior VP in charge of MS Windows Development
"I call on those who question the motives of the president and his national security advisers to join with the rest of America in presenting a united front to our enemies abroad." Sen. Dick Durbin, 1998
"There's no set architecture in Linux. All roads lead to madness" - William Hilf, Microsoft homonculous
Supervillains for Linux! |
|
| Back to top |
|
|
Magus
Tolkien Loremaster
Vice Admiral
Joined: 17 Aug 2001
Posts: 9521
Location: On the Stairway to Heaven.
|
| Posted: Tue Jan 03, 2006 4:57 pm Post subject: |
|
|
| Jay wrote: |
| How about inline jpg and gif images that are actually wmfs containing a payload? Not quite so simple there.... Not to mention the attached wmf file can have a jpg (whatever) extension as Windows apparently uses some magic byte system to determine whether or not it is really a wmf file. |
Inline... ah, right. I turned off html email long ago, not for any plain text zealotry, but rather to avoid cutesy pictures and crap in my mail. When you have relatives who foward fowards and so on...
| jay wrote: |
| All indications are that the unofficial patch works just fine for XP/2003 machines. If some guy who we've never heard of before can throw together a patch that just works across multiple versions of windows, why can't Microsoft? I realize that if they did this, the standard "at your own risk" boilerplate applies, but this is a big deal and the fact they are waiting until their normal patch release cycle to put a fix for this out there reeks of "not taking this seriously". |
I disagree, it'd be idiotic not to take this seriously, and we've seen the company do a 180 on security. It seems more like "we want to make sure the patch works". Of course, we're both speculating. 
_________________
<Paolo|Work> anything that has to do with Java is by definition stupid
1 The Network is my domain, I shall not want; 2 though it makes me wait upon collision, it leads me to the Internet; 3 it restores my connection. It leads me in paths of hypertext transfer for google's sake. 4 Even though I walk through the valley of the shadow of power failures, I fear no data corruption; for backups art with me; thy UPS and thy status light, they comfort me. 5 Thou preparest a firewall before me in the presence of my enemies; thou anointest my CD-R with BurnProof, my buffer never underflows. 6 Surely good deals and pr0n shall follow me all the days of my life; and I shall dwell in the house of the Datacenter for ever.
-HitScan
Wilde is a 4' chinese man in a bright pink tutu, lime green pimp hat with peacock feathers, and a purple feather boa, wearing tissue stuffed snakeskin combat boots, holding a gun bigger than he is, smoking a cigarette in the parking garage, trying to look menacing while pouting and head banging to Godsmack I stand alone
|
|
| Back to top |
|
|
Jay
Ex OSYer
Captain
Joined: 09 May 2003
Posts: 1589
|
| Posted: Tue Jan 03, 2006 5:28 pm Post subject: |
|
|
| Magus wrote: |
| I disagree, it'd be idiotic not to take this seriously, and we've seen the company do a 180 on security. It seems more like "we want to make sure the patch works". Of course, we're both speculating. |
Indeed - I went ahead and installed the unofficial patch on all of my personal machines this evening. I'm browsing to too many unsavory sites (not all torrent sites are created equal) for me not to take this one seriously from a web browsing standpoint.
|
|
| Back to top |
|
|
Magus
Tolkien Loremaster
Vice Admiral
Joined: 17 Aug 2001
Posts: 9521
Location: On the Stairway to Heaven.
|
| Posted: Thu Jan 05, 2006 3:01 pm Post subject: |
|
|
Sorry, I simply do not trust third party "patches".
Besides, patch is out:
http://www.microsoft.com/technet/security/Bulletin/MS06-001.mspx
_________________
<Paolo|Work> anything that has to do with Java is by definition stupid
1 The Network is my domain, I shall not want; 2 though it makes me wait upon collision, it leads me to the Internet; 3 it restores my connection. It leads me in paths of hypertext transfer for google's sake. 4 Even though I walk through the valley of the shadow of power failures, I fear no data corruption; for backups art with me; thy UPS and thy status light, they comfort me. 5 Thou preparest a firewall before me in the presence of my enemies; thou anointest my CD-R with BurnProof, my buffer never underflows. 6 Surely good deals and pr0n shall follow me all the days of my life; and I shall dwell in the house of the Datacenter for ever.
-HitScan
Wilde is a 4' chinese man in a bright pink tutu, lime green pimp hat with peacock feathers, and a purple feather boa, wearing tissue stuffed snakeskin combat boots, holding a gun bigger than he is, smoking a cigarette in the parking garage, trying to look menacing while pouting and head banging to Godsmack I stand alone |
|
| Back to top |
|
|
kingpinmc
Dark Stalker
Lieutenant
Joined: 03 Apr 2004
Posts: 341
Location: Stuck In a Dungeon
|
| Posted: Thu Jan 05, 2006 8:09 pm Post subject: |
|
|
ooh, looky I had five days early. What do I win Jay?
Oh and congrats on the second internet imaginary legal threat 
_________________
"Then I saw little Tiffany. I'm thinkin', you know, eight year old white girl, middle of the ghetto, bunch of monsters, this time of night with quantum physics books? She's about to start some shit, Zed.” - J - Men in Black
So.....
Maxi Does Dallas?
 - Mord |
|
| Back to top |
|
|
Jay
Ex OSYer
Captain
Joined: 09 May 2003
Posts: 1589
|
| Posted: Thu Jan 05, 2006 8:33 pm Post subject: |
|
|
You win... NOTHING!
Thanks - I really worked hard on that one. I had a bit of an email battle with him last night but that died off pretty quick. I'd say my interactions with him have likely come to an end. I get the feeling he may not be returning to C9 anytime soon.... (more than a feeling!)
As for the patch release. I'm glad they got it out so quick. I wonder if they were just multiplying the repair estimate Scotty style or did public pressure force them to release early rather than waiting for their cycle....
I guess we'll never know. Anyway I've got all my personal machines upgraded to the real patch now and everything is running smooth. |
|
| Back to top |
|
|
kingpinmc
Dark Stalker
Lieutenant
Joined: 03 Apr 2004
Posts: 341
Location: Stuck In a Dungeon
|
| Posted: Fri Jan 06, 2006 6:10 am Post subject: |
|
|
| Jay wrote: |
| You win... NOTHING! |
You are such a tease
_________________
"Then I saw little Tiffany. I'm thinkin', you know, eight year old white girl, middle of the ghetto, bunch of monsters, this time of night with quantum physics books? She's about to start some shit, Zed.” - J - Men in Black
So.....
Maxi Does Dallas?
- Mord
|
|
| Back to top |
|
|
Count_Blah
Yummy?
Commander
Joined: 12 Oct 2004
Posts: 514
Location: The Netherlands
|
| Posted: Fri Jan 06, 2006 7:21 am Post subject: |
|
|
I don't trust the unofficial patch either, but at my student association we patched them unoffically, since the risk was greater that some user would just click yes to "THIS IS PROBABLY A VIRUS, ARE YOU REALLY SURE?" dialoges. It wasn't my call.
When ever people send me cutsey e-mails, they get an angry e-mail back to never do that again or suffer the consequences.
_________________
"The count on sesamestreet is an imposter, he is only from Brooklin, I am a real Count from Romania, Blah" - Count Blah in Gregg the Bunny
Remember: Silly is a state of Mind, Stupid is a way of Life.
-- Dave Butler |
|
| Back to top |
|
|
Jay
Ex OSYer
Captain
Joined: 09 May 2003
Posts: 1589
|
| Posted: Fri Jan 06, 2006 9:05 am Post subject: |
|
|
I've built a self extracting executable with a batch file that uninstalls the old patch and installs the 2K/XP patch. This is for the client that we had install the unofficial patch. We needed to make the final patch install/unofficial uninstaller something easy that wouldn't require any brain power for the remote users....
If anybody wants it, let me know. It only handles 2K/XP and forces a reboot after installing the official patch (which is done after it uninstalls the unofficial one). It will work with either the MSI/EXE installer version of the unofficial patch. The installer already has the official MS patches included. If you installed the unoffical patch via EXE file, the uninstall will only work if you used the default installation location.
Code for the batch file:
| Code: |
@ECHO OFF
REM Uninstall UnOfficial MSI based patch
ECHO Uninstalling unofficial emergency patch....
"C:\Program Files\WindowsMetaFileFix\unins000.exe" /VERYSILENT /SUPPRESSMSGBOXES /NORESTART
msiexec.exe /X{E1CDC5B0-7AFB-11DA-8CD6-0800200C9A66} /qn /noreboot
REM Determine what OS we are dealing with
ver | find "5.00." > nul
IF %ERRORLEVEL% == 0 GOTO WIN2K
ver | find "5.1." > nul
IF %ERRORLEVEL% == 0 GOTO WINXP
ECHO This version of Windows is unsupported for this operation
GOTO END
:WINXP
REM Install Official Patch for Windows XP SP1/SP2
ECHO Installing official patch for Windows XP...
WindowsXP-KB912919-x86-ENU.exe /quiet /forcerestart
GOTO END
:WIN2K
REM Install Official Patch for Windows 2K SP4
ECHO Installing official patch for Windows 2000...
Windows2000-KB912919-x86-ENU.EXE /quiet /forcerestart
GOTO END
:END
REM Clean up and Finish
ECHO Patch Process has completed. Hit enter to close this window.
PAUSE
|
Last edited by Jay on Fri Jan 06, 2006 9:06 am; edited 1 time in total
|
|
| Back to top |
|
|
kingpinmc
Dark Stalker
Lieutenant
Joined: 03 Apr 2004
Posts: 341
Location: Stuck In a Dungeon
|
| Posted: Fri Jan 06, 2006 9:06 am Post subject: |
|
|
| Count_Blah wrote: |
| When ever people send me cutsey e-mails, they get an angry e-mail back to never do that again or suffer the consequences. |
I guess one of my funniest instances of this was an email that said if you love Jesus you'll forward this to God and everybody, so I sent the guy an email back saying that if he loved Jesus he wouldn't fill peoples mailbox up with useless spam. Boy did I become a heathen for that. 
_________________
"Then I saw little Tiffany. I'm thinkin', you know, eight year old white girl, middle of the ghetto, bunch of monsters, this time of night with quantum physics books? She's about to start some shit, Zed.” - J - Men in Black
So.....
Maxi Does Dallas?
- Mord
|
|
| Back to top |
|
|
Jay
Ex OSYer
Captain
Joined: 09 May 2003
Posts: 1589
|
| Posted: Fri Jan 06, 2006 9:08 am Post subject: |
|
|
| kingpinmc wrote: |
| Boy did I become a heathen for that. |
Personally I think Jesus would've gone f*cking metal on spammers. Thats just me though.
|
|
| Back to top |
|
|
HitScan
More portable than j00
Rear Admiral
Joined: 01 Mar 2001
Posts: 5698
Location: in.us
|
| Posted: Fri Jan 06, 2006 11:34 am Post subject: |
|
|
| Jay wrote: |
I've built a self extracting executable with a batch file that uninstalls the old patch and installs the 2K/XP patch. This is for the client that we had install the unofficial patch. We needed to make the final patch install/unofficial uninstaller something easy that wouldn't require any brain power for the remote users....
If anybody wants it, let me know. It only handles 2K/XP and forces a reboot after installing the official patch (which is done after it uninstalls the unofficial one). It will work with either the MSI/EXE installer version of the unofficial patch. The installer already has the official MS patches included. If you installed the unoffical patch via EXE file, the uninstall will only work if you used the default installation location.
Code for the batch file:
| Code: |
@ECHO OFF
REM Uninstall UnOfficial MSI based patch
ECHO Uninstalling unofficial emergency patch....
"C:\Program Files\WindowsMetaFileFix\unins000.exe" /VERYSILENT /SUPPRESSMSGBOXES /NORESTART
msiexec.exe /X{E1CDC5B0-7AFB-11DA-8CD6-0800200C9A66} /qn /noreboot
REM Determine what OS we are dealing with
ver | find "5.00." > nul
IF %ERRORLEVEL% == 0 GOTO WIN2K
ver | find "5.1." > nul
IF %ERRORLEVEL% == 0 GOTO WINXP
ECHO This version of Windows is unsupported for this operation
GOTO END
:WINXP
REM Install Official Patch for Windows XP SP1/SP2
ECHO Installing official patch for Windows XP...
WindowsXP-KB912919-x86-ENU.exe /quiet /forcerestart
GOTO END
:WIN2K
REM Install Official Patch for Windows 2K SP4
ECHO Installing official patch for Windows 2000...
Windows2000-KB912919-x86-ENU.EXE /quiet /forcerestart
GOTO END
:END
REM Clean up and Finish
ECHO Patch Process has completed. Hit enter to close this window.
PAUSE
|
|
Is there any particular reason that you're removing the patch before you even check to see if you can install the new one?
_________________
My mind's slacking process has real-time priority.
A kernel is only as strong as its weakest Interrupt Service Routine.
"I was going to write my congressman, but I can't find my checkbook." - /. poster
"Wiffleball bats are good, because they can be retrofitted with lead pipes." - Harbinger
|
|
| Back to top |
|
|
Jeremy Reimer
King of Canada
1st Lord of the Admiralty
Joined: 01 Aug 2002
Posts: 7833
Location: 789-M
|
| Posted: Fri Jan 06, 2006 11:49 am Post subject: |
|
|
I'm assuming my rebooted machine this morning meant the official patch got pushed out.
_________________
"Those afraid of the universe as it really is, those who pretend to nonexistent knowledge and envision a Cosmos centered on human beings will prefer the fleeting comforts of superstition. They avoid rather than confront the world. But those with the courage to explore the weave and structure of the Cosmos, even where it differs profoundly from their wishes and prejudices, will penetrate its deepest mysteries."
-- Carl Sagan
"Its not a rule. Its just something I noticed. Several of us have more than one sig." - Mord
"No, you are a troll, and I should have never let you back to Ars in after the first 16,000 bannings." - Caesar, to He Who Shall Not Be Named
|
|
| Back to top |
|
|
Jay
Ex OSYer
Captain
Joined: 09 May 2003
Posts: 1589
|
| Posted: Fri Jan 06, 2006 11:53 am Post subject: |
|
|
| HitScan wrote: |
| Is there any particular reason that you're removing the patch before you even check to see if you can install the new one? |
Because this isn't supposed to be run on anything other than Windows 2000 - XP machines. If it fails then they can go download the patch themselves. Though honestly it's only going to fail if: The machine is a Windows 9x machine which means the unofficial patch couldn't have been installed there anyway (not to mention there is no official patch either) or if the machine was a Windows 2003 machine and at this particular client we didn't put the unofficial patch on the servers and decided to ride it out there.
Oh it could also fail if you ran it on Windows Vista.... but who cares about beta whores?
|
|
| Back to top |
|
|
Magus
Tolkien Loremaster
Vice Admiral
Joined: 17 Aug 2001
Posts: 9521
Location: On the Stairway to Heaven.
|
| Posted: Fri Jan 06, 2006 3:16 pm Post subject: |
|
|
| Jay wrote: |
| As for the patch release. I'm glad they got it out so quick. I wonder if they were just multiplying the repair estimate Scotty style or did public pressure force them to release early rather than waiting for their cycle.... |
This isn't the first time they've given a patch release date then beaten it by several days.
_________________
<Paolo|Work> anything that has to do with Java is by definition stupid
1 The Network is my domain, I shall not want; 2 though it makes me wait upon collision, it leads me to the Internet; 3 it restores my connection. It leads me in paths of hypertext transfer for google's sake. 4 Even though I walk through the valley of the shadow of power failures, I fear no data corruption; for backups art with me; thy UPS and thy status light, they comfort me. 5 Thou preparest a firewall before me in the presence of my enemies; thou anointest my CD-R with BurnProof, my buffer never underflows. 6 Surely good deals and pr0n shall follow me all the days of my life; and I shall dwell in the house of the Datacenter for ever.
-HitScan
Wilde is a 4' chinese man in a bright pink tutu, lime green pimp hat with peacock feathers, and a purple feather boa, wearing tissue stuffed snakeskin combat boots, holding a gun bigger than he is, smoking a cigarette in the parking garage, trying to look menacing while pouting and head banging to Godsmack I stand alone
|
|
| Back to top |
|
|
Jay
Ex OSYer
Captain
Joined: 09 May 2003
Posts: 1589
|
| Posted: Fri Jan 06, 2006 9:22 pm Post subject: |
|
|
| The irony of course is that if I knew they would release the patch yesterday, I would've waited until jumping on the unofficial patch. Ahhhh well... |
|
| Back to top |
|
|
MasterOfTheHat
Commander
Joined: 11 Aug 2004
Posts: 794
Location: In a galaxy far, far, far, far, really really far away...
|
| Posted: Fri Jan 06, 2006 10:52 pm Post subject: |
|
|
And if they knew it was a vulnerability, they wouldn't have left the hole open...
_________________
For my fellow OSYers - You know you're addicted to programming when:"The people you respect most you have never physically seen or spoken to, but you always bow to their knowledge."
*Quantum physics texts are an excellent source of 100% of the recommended daily alowance of "WTF!?!" - HitScan
support.microsoft's cause for a 0x0000007f STOP error:
"• Your computer has hardware or software problems. "
|
|
| Back to top |
|
|
kingpinmc
Dark Stalker
Lieutenant
Joined: 03 Apr 2004
Posts: 341
Location: Stuck In a Dungeon
|
| Posted: Sat Jan 07, 2006 9:07 am Post subject: |
|
|
| Jay wrote: |
| The irony of course is that if I knew they would release the patch yesterday, I would've waited until jumping on the unofficial patch. Ahhhh well... |
{quote="MasterOfTheHat"]And if they knew it was a vulnerability, they wouldn't have left the hole open...[/quote]
And if I had a million dollars I would do two chicks at once...
I guess leaving a hole open for 3 days is alot safer than leaving it open for 7, and on the sites you didn't install the patch how many people were affected, since this was soooo widespread? Also, I hear WINE still is unpatched.
_________________
"Then I saw little Tiffany. I'm thinkin', you know, eight year old white girl, middle of the ghetto, bunch of monsters, this time of night with quantum physics books? She's about to start some shit, Zed.” - J - Men in Black
So.....
Maxi Does Dallas?
- Mord
|
|
| Back to top |
|
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
Powered by phpBB 2.0.11j © 2001-2005 phpBB Group with many Smammy additions by Jeremy Reimer 2003-2005
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
