From: "Rich Gauszka" 


"Geo."  wrote in message
news:43bc227a$1{at}w3.nls.net...
> One more handy tidbit of info
>
> Microsoft has a patch in testing, someone leaked it to the internet. If
> you
> find it don't use it, there are reports it's causing a few problems. (like
> bsod)
>
> Geo.
>
>

I dl-ed the unofficial patch at

http://www.hexblog.com/index.html


http://www.f-secure.com/weblog/

Here's an alternative way to fix the WMF vulnerability. Ilfak Guilfanov has
published a temporary fix which does not remove any functionality from the
system (all pictures and thumbnails continue to work normally).

The fix works by injecting itself to all processes loading USER32.DLL. It
patches the Escape() function in GDI32.DLL, revoking WMF's SETABORT escape
sequence that is the root of the problem.

Now, we wouldn't normally blog about a security patch that is not coming
from the original vendor. But Ilfak Guilfanov isn't just anybody. He's the
main author of IDA (Interactive Disassembler Pro) and is arguably one of
the best low-level Windows experts in the world.

-------------------------------------------------------------------------------
------------
I only loaded it on one PC but so far there have been no problems. I can
wait till the official MS patch comes out next week for the others.

--- BBBS/NT v4.01 Flag-5