Select Page

More news today at SANs on the WMF exploit situation.  

Metasploit, a well-known “white hat” group that comes up with code for exploits to test network systems, has come up with a new way to use the WMF exploit to “bypass all known IDS signatures”.

Link here.

And new ways to install the unofficial hotfix, silently and via a script.

So what’s your best defense?  We recommend doing the following two simple steps:

1. Apply the unofficial hotfix.

2. Unregister shimgvw.dll.

Of course, antivirus protection is essential these days, and if you’re on a budget, you can always get one for free.  Read my article on cheap and free security tools here.

My latest word from Microsoft is that there is no official timeline for a patch, but I would be quite surprised if they didn’t patch this at the very least on Tuesday the 10th.  One hopes sooner…

 

Alex Eckelberry


Fatal error: Uncaught wfWAFStorageFileException: Unable to save temporary file for atomic writing. in /home/eckelberry1966/public_html/sunbeltblog/wp-content/plugins/wordfence/vendor/wordfence/wf-waf/src/lib/storage/file.php:34 Stack trace: #0 /home/eckelberry1966/public_html/sunbeltblog/wp-content/plugins/wordfence/vendor/wordfence/wf-waf/src/lib/storage/file.php(658): wfWAFStorageFile::atomicFilePutContents('/home/eckelberr...', '<?php exit('Acc...') #1 [internal function]: wfWAFStorageFile->saveConfig('livewaf') #2 {main} thrown in /home/eckelberry1966/public_html/sunbeltblog/wp-content/plugins/wordfence/vendor/wordfence/wf-waf/src/lib/storage/file.php on line 34