Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Microsoft WMF vulnerability patch (not for 98/Me)

Status
Not open for further replies.
dbMark

dbMark

Programmer
Apr 10, 2003
1,515
0
0
US
If you're wondering whether Microsoft will fix the bad file in the older 98/98se/Me computers, I saw this in the FAQ section: (underlines are my emphasis)


"Are Windows 98, Windows 98 Second Edition, or Windows Millennium Edition critically affected by one or more of the vulnerabilities that are addressed in this security bulletin?
No. Although Windows 98, Windows 98 Second Edition, and Windows Millennium Edition do contain the affected component, the vulnerability is not critical because an exploitable attack vector has not been identified that would yield a Critical severity rating for these versions."

Don't feel bad, Windows NT has reached end-of-life, even further along on its life cycle.

Possibly Microsoft released its patch early due to worldwide pressure and that fact that an alternate patch was developed by independent researchers. From press reports I've read, it seems the file updated is GDI32.DLL so maybe some computer guru could determine the best way all of us 98/Me users could update our computers ourselves. Somehow I doubt all we need to do is just swap the file out, maybe during a DOS boot, since WinMe still uses its original June 2000 version of that file.

For XP systems, the old GDI32.DLL file is dated 10/05/2005 and the new one, same size, is 12/28/2005.

dbMark
 
I've been reading more (dangerous thing to do!) and see that Windows XP and 2003 are the most vulnerable systems since they are loaded by default with programs that try to read or interpret the WMF formats. So other Windows versions, including Millennium Edition, are not vulnerable to a clear attack vector... unless some software is added which tries to do so. Yeah, sure. Nice to feel [maybe] safe.

So far I've seen comments that the current version of Lotus Notes may be vulnerable, so look for them to come out with an update real soon if that's the case. If there's one, then there's probably many other applications too...
 


I wonder what NON-CRITICAL is; as defined EXACTLY in Microslush's vernacular. After reading several blogs on the new threat it seems MSPAINT is also a target..?
At any rate I am using Win95 and am probably on the low end of attack targets as well as being totally ignored by the company that made the product! I wish I was adventurous enough to try a different operating system..

Good Luck to both of you in you attempts to keep the M$ products afloat!

smitee
 
Status
Not open for further replies.

Similar threads

Flinx
  • Locked
  • Question
unable to update microsoft edge 2
Replies
3
Views
599
Rick998
Rick998
Keyboy
  • Locked
  • Question
Microsoft Cloud Storage Usage
Replies
0
Views
71
Keyboy
Keyboy
Deniall
  • Locked
  • Question
AutoHotKey for a very simple task 1
Replies
5
Views
129
Deniall
Deniall
Flinx
  • Locked
  • Question
Windows 10 Strange problems recently appear caused by microsoft ransomeware protection
Replies
3
Views
141
Andrzejek
Andrzejek
pjw001
  • Locked
  • Question
Programs not loading on Windows 11 Version 22H2.
Replies
9
Views
208
pjw001
pjw001

Part and Inventory Search

Sponsor

Back
Top