Over 1 million tech questions and answers.

Solved: Unauthorized Patch For Microsoft WMF Bug (Patch Attached)

Q: Solved: Unauthorized Patch For Microsoft WMF Bug (Patch Attached)

Unauthorized Patch For Microsoft WMF Bug Sparks Controversy

Sober worm may hit tomorrow, but businesses are more concerned about the WFM vulnerability and Microsoft's inability to produce a patch this week. Some are choosing an alternative that could lead to other problems.

By Larry Greenemeier

Jan 4, 2006 01:00 PM

Concerns over the lack of a Microsoft-issued patch have pushed the Windows Metafile/Zero-Day bug to top of mind, surpassing even tomorrow's much-anticipated Sober worm attack.

The lag time between the Dec. 27 discovery of the WMF vulnerability and Microsoft's planned Jan. 10 patch availability has forced IT security departments to find alternative means for protecting their systems and prompted a non-Microsoft developer to create a patch that others could use.

All of this serves to damage Microsoft's reputation as a company that can secure its own products—a reputation that only recently was beginning to improve after years of being dragged through the mud. Experts are divided over whether it's wise to use Ilfak Guilfanov's Hexblog patch to fix the WMF vulnerability, which could allow attackers to use WMF images to execute malicious code on their victims' computers. Some say it's a necessary measure to protect systems until the official Microsoft patch arrives; others say it's not worth the extra work to patch twice or to take the risk of using a third-party fix.

"We're advising against this third-party patch," says Gartner VP and research fellow John Pescatore. Even if the patch works perfectly, users will have to modify their Windows environments when they deploy the patch, and then uninstall the patch by next Tuesday, leaving two opportunities for something to go wrong. Gartner advises that companies should employ workarounds that ensure that their URL-blocking capabilities are up to date, that all WMF files are blocked, and that they expedite testing and deployment of Microsoft's patch when it becomes available.

But the SANS Institute's Internet Storm Center recommended Tuesday that users not wait for Microsoft's fix, but unregister a vulnerable Dynamic Link Library, or DLL, executable program modules in Windows and apply Guilfanov's patch.

Either way, the WMF vulnerability has been widely acknowledged as a major security threat. The vulnerability is already being exploited, and Symantec has raised its ThreatCon to a Level 3, out of four. The company, which last placed a ThreatCon Level 3 in July 2004 because of MyDoom.M, has expressed concern over the window of time Microsoft has allowed between discovery of the vulnerability and the planned issuance of a patch. Symantec recommends that companies instruct their users to avoid opening unknown or unexpected E-mail attachments or following Web links from unknown or unverified sources, and turn off preview features on E-mail programs to prevent infection from HTML E-mails. The WMF vulnerability affects a number of different versions of Windows XP, Server 2003, ME, 98, and 2000, as well as some versions of Lotus Notes.

Microsoft claims, via its Security Response Center blog, that the company is continuing to work on finalizing a security update for the vulnerability in WMF. In the blog, Security Response Center operations manager Mike Reavey acknowledges that in Microsoft's effort to "put this security fix on a fast track, a pre-release version of the update was briefly and inadvertently posted on a security community site." Microsoft is recommending its customers disregard the posting and wait until a fully tested patch is issued next week.

Microsoft's response to the vulnerability has been particularly poor, says the assistant VP of IT security for a global financial-services firm. While Microsoft has chosen to patch the WMF vulnerability during its normal Patch Tuesday download, this comes well after it should have. "They have historically released patches on special occasions, and this is clearly one of those occasions," she says, preferring to speak anonymously on the topic of an unpatched vulnerability. She added that her company has "wasted countless man-hours" to mitigate the chance of being hit by an exploit, but that no amount of workarounds can fully replace a patch from the vendor.

Third-party patches are not a new concept, but the one issued for the WMF vulnerability is particularly troubling because it raises the question of why Microsoft couldn't issue its own patch in a timely fashion. In fact, the availability of Guilfanov's Hexblog patch makes Microsoft look even worse, the financial-services assistant VP of IT security says. "If a third party can put out a stable patch, Microsoft should have been able to," she adds. "It shames Microsoft."

While the popular Hexblog patch—Guilfanov's Web site was down on Wednesday morning, possibly because of bandwidth issues—is by all appearances a solid piece of coding, the financial-services firm won't download the patch because of the risk of implementing a patch that's not been properly tested, "which it isn't because it's not coming from Microsoft," the assistant VP adds.

As long as Windows systems remain unpatched, companies are at risk for WMF exploits whenever their employees browse the Internet. "There's no way for you to know whether a site is dangerous for a WMF exploit," says Ken Dunham, director of VeriSign iDefense's rapid response team. Even if companies set their defenses to strip out all executable files from incoming E-mails and instant messages, attackers can disguise their executables to look like a JPG or GIF file.

As of Jan. 2, VeriSign iDefense had found at least 67 hostile sites containing exploits against the WMF vulnerability, and the company is investigating another 100 sites. When users visit these malicious sites, their computers can be infected with Trojans, adware, spyware, or files that use them as a base for sending out spam to other computers.

Unlike the Sober worm, which spreads spam with politically charged messages but tends not to damage systems, WMF vulnerability-inspired spam is much more malicious. VeriSign iDefense captured a WMF culprit on Dec. 28 that used the output.gif file to spam messages over the Internet from a company called Smallcap-Investors, which promote a Chinese pharmaceutical company called Habin Pingchuan Pharmaceutical. The spam message was sent out as a GIF file in an apparent attempt to evade spam filters. Using spam as the underpinning of a stock "pump and dump" scheme, Smallcap encouraged users to buy cheap stocks. As is typical in such a ruse, once the fraudster has raised the value of the stock, he or she sells off the stock, making it worthless to the victims who've been duped into investing.

Another WMF exploit came in the form of the HappyNY.a worm, which looks to a user like a JPG file but is actually a malicious WMF file. The HappyNY.a worm contains Nascene.C code, which attempts to exploit the WMF vulnerability and fully compromise a user's computer.

If users come to depend too much on third-party patches to avoid such scams, it could set a dangerous precedent for security. "You'll see phishing E-mails that say they offer volunteer patches," Pescatore says. "If people starting using these sites that are not from a vendor, this could be a whole new problem."

Concerns over the proliferation of Microsoft-based phishing scams come as an Iowa man recently pleaded guilty to computer fraud charges arising from a phishing scheme conducted from January 2003 through June 2004 on Microsoft's MSN Internet service. The scam involved sending E-mail falsely claiming that MSN customers would receive a 50% credit toward their next bill.

Meanwhile, the buzz around the WMF vulnerability has helped eclipse concerns over the upcoming Sober worm threat. "All of the antivirus guys have put out their signature updates" for the latest incarnation of Sober, and "the payload has been analyzed, so you know what DNS servers it's going to call," Pescatore says. The most important things for IT security professionals to realize is that there is a patch for Sober and that, while the attacks will start by Jan. 5, there will likely be new variants of Sober each subsequent week.

On Jan. 5, the code contained in the Sober worm will start updating and sending itself out to thousands, if not millions, of computers, adds Dunham. So far, the Sober attacks have been more motivated at spreading political and social messages rather than delivering malicious payloads. "Sober has the ability to download code, but the attackers haven't done this," he adds. "Instead, they use it to send spam and clog E-mail servers and promote their agenda."

Signature-based antivirus programs won't have any problems detecting known variants of Sober. New variants will prove a bit trickier, and companies should make sure executable and JPG attachments are stripped out of E-mails traversing their networks, says Shane Coursen, a senior technical consultant for antivirus software maker Kaspersky Lab. For this latest generation of Sober, companies will rely less on signature-based antivirus defenses and more on those that employ heuristic routines that flag strange behavior on the network.

Preferred Solution: Solved: Unauthorized Patch For Microsoft WMF Bug (Patch Attached)

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

A: Solved: Unauthorized Patch For Microsoft WMF Bug (Patch Attached)

No offense but before anyone considers downloading the unoffical patch from a third party - they should at the least be aware of and check the MD5 checksum's of the files to insure they have not been tampered with...

wmf_checker_hexblog.exe - MD5: ba65e1954070074ea634308f2bab0f6a

wmf_checker_source.zip - MD5: 7ae8ac24e68baaa49e0de3f05e64a571

wmffix_hexblog14.exe - MD5: 15f0a36ea33f39c1bcf5a98e51d4f4f6

wmfhotfix.cpp - MD5: 8cf91671e353bb259cca30e06bee8bc2

An FAQ and the official unofficial hotfix and checker liinks can be found here:

Read other 2 answers

Dear Experts, 

I have few queries :
> i have been pacthing IE on win 2012 R2 servers from Oct 2017 and the latest deployed pacth is April 2018 roll out. but when i scan these server by Vulnerability scanners- it detects  june 2017 IE patch missing(which i know was never deplyed as
i started patching from Oct 2017 ) and i believe this June 2017 IE patch requires below registry key to be present , which they are not :
The following registry key is missing.
This registry key is required to enable the fix for CVE-2017-8529:
SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_PRINT_INFO_DISCLOSURE_FIX\iexplore.exe
SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_PRINT_INFO_DISCLOSURE_FIX\iexplore.exe
My Query is - 
Does the installation of the superseding patch adds/updates the registry keys required for the patch it supersedes.In this case should  the successfull installation of April 2018 IE patch be adding these registry keys required for June 2017 IE patch.
if not  is there any documentation related to this ?

Read other answers

I downloaded patch from download link for my Sony PCV-RX 755. Installation seemed to work, but after rebooting, I cannot find Microsoft Office or Registry Patch for Microsoft Office 2000.

I am trying to install my Sharp OZ- 590 A CD but cannot do so because it requires Microsoft Outlook which is part of Microsoft Office.

A:Solved: Registry Patch for Microsoft Office 2000

Read other 6 answers

from slashdot.org:

msm1267 writes
"Microsoft announced last night that it has stopped pushing a security update originally released on Patch Tuesday because the fix is causing some PCs to blue-screen. Microsoft recommends users uninstall the patch, which is also causing compatibility issues with some endpoint security software. MS13-036 was part of this week's Patch Tuesday update. It addressed three vulnerabilities in the Windows Kernel-Mode Driver, which if exploited could allow an attacker to elevate their privileges on a compromised machine. Users began reporting issues earlier this week with some systems failing to recover from restarts, or applications failing to load, after the patch was installed."

A:[SOLVED] Microsoft asking users to uninstall patch that causes BSOD's

Already been posted

Read other 3 answers

as per this website
Susan Bradley states

I got word back as follows: Outlook 2010 Calendar Folder property is empty - Microsoft Community

As of now, the product group has consolidated similar cases and currently working on the fix for the Event 27 issue, which is planned for the December 2013 Cumulative Update. Timelines can change for a number of reasons, and if a change does occur I will provide you with an update. You can find information on the Cumulative Update release schedule here:

go to the 5th page and you will see it

A:Office 2010 sp2 patch should be in Dec Patch tuesday

Hotfix for this issue.

Description of the Outlook 2010 hotfix package (Outlook-x-none.msp): December 10, 2013

Read other 8 answers

every time i open my email, norton screen pops up that it had detected a virus called microsoft patch. every time i delete it the next day it comes back. help???? please.. thanks !!!

A:microsoft patch

Sounds like you have Windows XP.

Turn off System Restore. (Right-click on My Computer, Properties, System Restore Tab. Check the box.

Scan your system using the latest signature files for your antivirus software. Reboot, then re-enable System Restore.


Read other 2 answers


Microsoft is releasing a software update to Microsoft Internet Explorer 6 for Microsoft Windows XP Service Pack 2 (SP2) and for Microsoft Windows Server 2003 Service Pack 1 (SP1). This update changes the way in which Internet Explorer handles some Web pages that use ActiveX controls. Examples of programs that use ActiveX controls include the following:
Adobe Reader
Apple QuickTime Player
Macromedia Flash
Microsoft Windows Media Player
Real Networks RealPlayer
Sun Java Virtual Machine
After you install this update, you cannot interact with ActiveX controls from certain Web pages until these controls are enabled. To enable an ActiveX control, manually click the control. There are also techniques that Web developers can use to update their Web pages. For more information about these techniques, visit the following MSDN Web site:
http://msdn.microsoft.com/ieupdate (http://msdn.microsoft.com/ieupdate)
As part of this Internet Explorer update, Microsoft will release updates to the current versions of Windows XP and of Windows Server 2003. All client operating systems will be updated. These client operating systems include the following:? Windows XP Starter Edition
? Windows XP Home Edition
? Windows XP Professional Edition
? Windows XP Tablet PC Edition
? Windows XP Media Center Edition
? Windows XP Professional for Embedded Systems
Currently, Microsoft has not released updates for earlier versions of Internet Exp... Read more

Read other answers


I was considering doing a reinstall of windows in the near future but I read somewhere that Microsoft's latest patch was for a vulnerability that would leave computers open to attack even if they were merely connected to the internet.

My problem is that if I reinstall, my computer will obviously be unpatched until I have downloaded all the windows updates. With my connection that is going to taked over 5 hours. Is there a chance that I could get infected in this time even if I only visit the Microsoft site.

A:About microsoft's Oct 23 patch


It is possible to become infected whilst trying to download the updates.

What i would do is to download SP3 and all updates possible to CD and then run the installation from the CD once you have reinstalled Windows. This way you will not have to connect to the internet until you are properly up to date.

Read other 5 answers

Have clean XP disk but because of files being partitioned when I loaded the new Microsoft released patch made specific for XP the computer no longer starts up properly and I can not see, and do not know how to get to the hard drive(s). Specifically the command prompt!
I can see it has partitioned the files when I try to open in safe mode - (F8)
I can also see that if I could get to c: and do a chkdsk /r the problem would be solved - (system message through Advanced Options - F8)
However I can not get to the c: drive!

If I could merge the partition files back to the c: drive I would assume all would be back to normal.
If I could get to the OS C: drive I would happily do a chkdsk /f /r!
HP Pavilion but can not even get F11 recovery to respond.
Computer does see the CD drive as it did read the start option of the clean XP disk but when I do either repair option or reinstall it says it can not see hard drive. When I just try and power up it just goes directly to the F8 main screen but none of the options work. It just loops back to the same screen after a number of seconds!

I am stuck in FRED territory! Luckily data is not an issue as I backed up everything prior to installing this specially released patch for the ransomeware issue.


A:XP3 will not load after Microsoft patch

There are partition recovery software programs, but for more clarity were you set up with personal files on one partition and programs or XP on another?

Read other 10 answers

New Microsoft patch jams up IE7Last Tuesday's "critical" security fix for Internet Explorer is causing trouble for users who have been testing the new IE 7 browser.

Read other answers

I read in the news today that we need to install the patch. Do we need to do this and if so, where do we get the patch?


A:Patch for Microsoft Windows? Do we need this?

Read other 6 answers

I recieved this (below) in my Outlook Express email, and I've gotten wary of attachments (even though it says it's certified virus free, anyone can say anything)

It also came in my Yahoo Mail, but didn't have the option that's usually there to scan the attachment.

I "SAVED TARGET AS" desktop, and scanned it with AVG and The Cleaner and it was fine. It said P161976.exe on it.

I clicked on it (on desktop) and it said it wasn't a valid windows file.

I'm thinking I have to click on the actual attachment in the Yahoo Mail?

I think there is a long thread about this on here, but I couldn't understand a lot of it, and it's now CLOSED so I can't ask if this is the same thing and if I need it, and should try to find it elsewhere, IF it won't open/install from the email?

I have I.E.6 and WIN98 SE (which seems to work fine)

Most of the time I don't try looking for updates and patches, because I'm not sure what they are, if I need them, and as I said it seems to work okay the way it is.


Microsoft Customer

this is the latest version of security update, the
"April 2003, Cumulative Patch" update which eliminates
all known security vulnerabilities affecting Internet Explorer,
Outlook and Outlook Express as well as five newly
discovered vulnerabilities. Install now to protect your computer
from these vulnerabilities, the most serious of which could allow
an attacker to run executable on yo... Read more

A:Microsoft security patch?

Read other 16 answers

Have clean XP disk but because of files being partitioned when I loaded the new Microsoft released patch made specific for XP the computer no longer starts up properly and I can not see, and do not know how to get to the hard drive(s). Specifically the command prompt!
I can see it has partitioned the files when I try to open in safe mode - (F8)
I can also see that if I could get to c: and do a chkdsk /r the problem would be solved - (system message through Advanced Options - F8)
However I can not get to the c: drive!

If I could merge the partition files back to the c: drive I would assume all would be back to normal.
If I could get to the OS C: drive I would happily do a chkdsk /f /r!
HP Pavilion but can not even get F11 recovery to respond.
Computer does see the CD drive as it did read the start option of the clean XP disk but when I do either repair option or reinstall it says it can not see hard drive. When I just try and power up it just goes directly to the F8 main screen but none of the options work. It just loops back to the same screen after a number of seconds!

I am stuck in FRED territory! Luckily data is not an issue as I backed up everything prior to installing this specially released patch for the ransomeware issue.


A:XP3 will not load after Microsoft patch

There are partition recovery software programs, but for more clarity were you set up with personal files on one partition and programs or XP on another?

Read other 2 answers

Hi, Everyone.

I have downloaded the patch that Microsoft has for the worm that is going around. but when I install it, it gives me an error message, the message says


Setup could not verify t he integrity of the file update.inf. Make sure the Cryptographic service is running on this computer.

What do I do?

A:Problem with the Worm patch from Microsoft

Check out the thread "strange windows XP error". That's what it's all about.

Read other 2 answers

Microsoft has patched almost as many critical vulnerabilities in the first 8 months of 2006 as it did in 2004 and 2005 combined, security researchers said..."2006 already is a record year,"..."It's great that we're finding them prior to large-scale attacks, but at the same time it's a concern about the quality of [Microsoft's] code." Thus far this year, there have been 51 security bulletins and 98 patches, 64 of which were deemed critical...techweb.com

A:Microsoft Breaks Patch Records

Windows needs a complete rewrite from the ground up, instead of patching the legacy system and interfacing new modules with bloated the code.

Read other 5 answers

Ok, some of you may remember a few weeks back I posted a thread about recieving a 'Microsoft' e-mail that supposedly included a critical patch with it, it turned at to be the Dumaru virus. Anyway, I have today recieved a new one that goes something like this...

Sender: Microsoft Coporation Security Center
Subject: Latest Microsoft Critical Patch

Microsoft Partner

this is the latest version of security update, the "September 2003, Cumulative Patch" update which fixes all known security vulnerabilities affecting MS Internet Explorer, MS Outlook and MS Outlook Express as well as three newly discovered vulnerabilities. Install now to help protect your computer from these vulnerabilities. This update includes the functionality of all previously released patches.

System requirements Windows 95/98/Me/2000/NT/XP
This update applies to MS Internet Explorer, version 4.01 and later
MS Outlook, version 8.00 and later
MS Outlook Express, version 4.01 and later
Recommendation Customers should install the patch at the earliest opportunity.
How to install Run attached file. Choose Yes on displayed dialog box.
How to use You don't need to do anything after installing this item.

Microsoft Product Support Services and Knowledge Base articles can be found on the Microsoft Technical Support web site. For security-related information about Microsoft products, please visit the Microsoft Security Advisor web site, or Contact Us.

Thank you for using Mi... Read more

A:Another spoof Microsoft e-mail patch?

Read other 16 answers

Microsoft to patch 17-year-old computer bug.

A 17-year-old bug in Windows will be patched by Microsoft in its latest security update.

-- Tom

Read other answers

Microsoft has fixed a bug in a critical security patch that may have been causing problems for some Windows Server 2003 users...pcadvisor.co.ukArticle ID: 924054

Read other answers

Last week I cleaned out and updated a friends Dell computer. About three days later I get a call saying its blue screened with the following stop code.

stop: 0x0000007E (0xc0000001d, 0x80537008, 0xba4c3508, 0xba4c3204)

I looked it up and it appears to be a Microsoft patch causing the problem. The question is how do I roll back the patch? One would be the Microsoft recovery console but what am I looking for once inside it? Another option I believe would be using Ubuntu, but again once its up what would I be looking for?

Repairing this would be a lot less of a headache for the owner than rebuilding from scratch.

A:Rolling back a Microsoft patch?

Hi Dirtpitt289,

There is a report that patch KB977165 is causing BSOD with computers that have an infected atapi.sys file.

We could remove the patch, but personally, I'd like confirmation that an infected atapi.sys file is to blame. Please do the following:

1. Boot from your Windows installation CD

Insert your Windows installation CD and boot your computer. If your computer is not set to boot from CD first, you may need to reconfigure your BIOS or press a boot menu key (often F12, F8 or Esc). If you are unsure of how to do this, consult your favorite geek. As soon as the boot starts, you should see a message like ?Press any key to boot from CD?? ? press a key.

2. Start the Recovery Console

After the CD loads (it may take a minute), you will be presented with a few choices. One of these options is to start a recovery by pressing ?R?. Press ?R? to launch the Recovery Console.

* You may be asked to choose a Windows installation. If so, choose the damaged installation (probably ?1″).
* You may be prompted for the Administrator password. If you do not have one, press ?Enter?.

3. Identify your CD drive letter

You should now be at the command prompt. Enter the following command:


Look for the drive letter for your CD drive. It may look something like this:

D: \Device\CdRom0

In this case, your CD drive is ?D:?.

4. Replace ATAPI.SYS

Enter the following, replacing ?D:? with your CD drive:

cd system32\drivers
ren ata... Read more

Read other 4 answers

Microsoft has re-issued another security patch that it originally published in August over a bug that can corrupt users' files. The patch is the third that Microsoft has had to fix from its August set.Version 2.0 of MS06-049, "Vulnerability in Windows Kernel Could Result in Elevation of Privilege," was posted on Tuesday, the same day that Microsoft issued an emergency out-of-cycle patch to fix a VML flaw in Internet Explorer...Microsoft warned that the original version could corrupt files on NTFS-formatted drives when using Windows compression...pcadvisor.co.ukMicrosoft Security Bulletin MS06-049Vulnerability in Windows Kernel Could Result in Elevation of Privilege (920958)Updated: September 26, 2006Affected Software: Microsoft Windows 2000 Service Pack 4

Read other answers

Microsoft is sure starting to jump through hoops to TRY to please people. And once again. If you do not have Windows XP, Windows 2000, Windows Server 2003, Office 2003 and Exchange Server 2003. You are just out of luck.

Is this really a fix or just a sales pitch?

"Gates and [Microsoft CEO Steve] Ballmer promised that Microsoft was going to get down to no more than two patching technologies,"


A:Microsoft to Put Patch Service to the Test

jd_957 said:

Microsoft is sure starting to jump through hoops to TRY to please people. And once again. If you do not have Windows XP, Windows 2000, Windows Server 2003, Office 2003 and Exchange Server 2003. You are just out of luck.

Is this really a fix or just a sales pitch?

"Gates and [Microsoft CEO Steve] Ballmer promised that Microsoft was going to get down to no more than two patching technologies,"

http://www.eweek.com/article2/0,1759,1765406,00.aspClick to expand...
Is this really a fix or just a sales pitch?

Only time will tell

Thanks jd_957

Read other 1 answers



Microsoft's latest patches also contain kernel updates, and in an effort to avoid a repeat performance, the company has prevented the patches from installing on infected machines. This security update includes package-detection logic that prevents the installation of the security update if certain abnormal conditions exist on 32-bit systemsClick to expand...


A:Microsoft will not patch XP if rootkit is present

Read other 14 answers

New Worm Poses as Microsoft Patch

'Gruel' also impersonates Symantec tool, lifts Outlook addresses.

Paul Roberts, IDG News Service
Wednesday, July 16, 2003

Antivirus company TruSecure is warning users about a new e-mail worm that is beginning to spread on the Internet and over the Kazaa peer-to-peer network.

The new worm, dubbed Gruel, is a mass-mailing worm that masquerades as a Windows software patch from Microsoft and as a virus-removal tool from Symantec, according to an alert from TruSecure.

Familiar Attack
Like other mass-mailing worms, Gruel spreads by stealing e-mail addresses from an infected computer's Microsoft Outlook address book and mailing copies of itself to those addresses, TruSecure representatives say.

The worm deletes files from machines it infects and copies itself into various locations. It particularly targets and infests folders used by the Kazaa file-sharing network, enabling it to spread on that network as well, according to TruSecure.

The antivirus company received word of five infections and fielded around 20 calls from users who have received e-mail messages containing the virus, according to Bruce Hughes, content security lab manager at TruSecure.

While the number of infections is still low, Gruel has a number of characteristics that have allowed other worms to successfully spread in recent months, Hughes says.

In addition to its clever use of so-called "social engineering" tricks such as using the names of M... Read more

A:New Worm Poses as Microsoft Patch

Thanks for the info ladyjeweler.Much appreciated.

Read other 1 answers

OS: windows XP

I mistakenly removed microsoft office 2003 from my computer. I then could not open my documents (I am using wordpad to open them now). I did "system restore" and MO 2003 was back in my programs file but I could still not open my documents. I tried removing again and the computer would not let me do it. I tried re-installing from the CD and got the message: This patch package could not be opened. Verify that the patch package exists and that you can access it, or contact the application vendor to verify that this is a valid Windows Installer package.

What do I do now?

When I click on the document icon, a box comes up with the title "windows installer" and the message reads "preparing to install". If I don't use the "open with" on right click, the box disappears and no document. If I use the "open with...wordpad, the document opens after the above box does its thing.

A:Patch package for Microsoft office

Read other 7 answers

Microsoft Corp. last week said that three Windows security updates, including one rated "critical," will be released tomorrow. The company acknowledged, however, that it will not deliver a fix for an Excel flaw that attackers are now exploiting.

more: computerworld.com

A:Microsoft won't fix Excel bug on Patch Tuesday

I think someone already posted this somewhere, but I'm too lazy to find it :P
I find it more interesting that two out of the three fixes are for spoofing.

Read other 6 answers

Microsoft promises emergency IE patch

Microsoft today announced that it will issue an emergency security update for Internet Explorer (IE), but postponed setting a ship date for the fix until tomorrow.

"Given the significant level of attention this issue has generated, confusion about what customers can do to protect themselves and the escalating threat environment, Microsoft will release a security update out-of-band for this vulnerability," said George Stathakopoulos?in an entry on the Microsoft Security Response Center blog. ? Researchers have been busy building exploits since the original attack code went public last

Thursday. Today, for example, a noted American vulnerability researcher and a French security company disclosed that they had created exploits that worked on the newer IE7 and IE8, and could bypass the DEP (data execution prevention) protection that Microsoft has been touting since it acknowledged the bug.

As he did over the weekend, Stathakopoulos downplayed the threat again today. "We continue to see very limited, and in some cases, targeted attacks," he said, adding that th eonly successful attacks found thus far have aimed at IE6.

Date: 19 January 2010

More...........http://www.computerworld.com/s/article/9146038/ 1969 Cougar

A:Microsoft promises emergency IE patch

You would think they would patch it before the hack was made public, seems a bit backwards but at least they are fixing it

Read other 1 answers

Websense? Security Labs? ThreatSeeker? Network has discovered a substantial number of spam messages utilizing a reliable social engineering trick that lures users to download a Microsoft critical security update...The message uses an open redirect at the legitimate shopping site shopping.***.com; the redirect forwards users to a malicious URL offering to download a malicious executable.securitylabs.websense(screenshots included)

Read other answers



Run Windows update manually!


A:Microsoft issues emergency patch for 10 IE holes

Read other 13 answers

Lots of fixing going on today!

Microsoft said four of the new patches -- software updates that write over glitches -- were of the highest priority and should be deployed immediately to protect users from potential criminal attacks on the Windows operating systems.

Microsoft said it also repaired other less serious security weaknesses in Windows, along with security problems in its widely used Office software for PCs and Microsoft Server software for business computers.
Click to expand...

I'm not seeing it being offered in XP w/SP3 here but no doubt it will appear later on.

A:Microsoft issues biggest security patch ever

Read other 6 answers

The monthly update to the Windows Malicious Software Removal Tool adds detection and deletion for "F4IRootkit," Microsoft's name for the invisibility tool Sony BMG added to 52 of its music albums, and placed on more then 5 million CDs.securitypipeline.com

Read other answers

Patch Tuesday 5/12/2015 bug or Microsoft Hiding something?

KB976932 shows up after installing the following updates.

Security Update for Windows 7 for x64-based Systems (KB3061518)
Cumulative Security Update for Internet Explorer 11 for Windows 7 for x64-based Systems (KB3049563)
Security Update for Windows 7 for x64-based Systems (KB3055642)
Update for Microsoft Security Essentials - (KB3063917)
Security Update for Windows 7 for x64-based Systems (KB3045171)
Security Update for Windows 7 for x64-based Systems (KB3051768)
Security Update for Windows 7 for x64-based Systems (KB3046002)
Windows Malicious Software Removal Tool x64 - May 2015 (KB890830)
Security Update for Microsoft .NET Framework 4.5, 4.5.1 and 4.5.2 on Windows 7, Vista, Server 2008, Server 2008 R2 x64 (KB3035490)
Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB3032655)
Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB3023215)
Security Update for Microsoft .NET Framework 4.5, 4.5.1 and 4.5.2 on Windows 7, Vista, Server 2008, Server 2008 R2 x64 (KB3023224)
Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB3048070)
Security Update for Microsoft Silverlight (KB3056819)
To get that KB976932 update to show up. You to need re-run the windows updates after you install those updates,... Read more

A:Patch Tuesday 5/12/2015 bug or Microsoft Hiding something?

The update you're getting is fairly common - it's most likely a minor patch to prevent problems further down the line, and WU appears to have picked up that it's not yet been installed.
It shouldn't do any harm to install it.

Read other 2 answers

I need some major help with the latest Windows Update (the set of patches that came out this Tuesday to help with the security issues), I think it is causing issues for my laptop PC. I'm not computer illiterate but I'mdefinitely nothing more than a beginner and this is starting to make me panic a little ^_^;

My laptop has been having major Startup and boot issues since the update. My laptop freezes and goes to a white-grey screen. The computer does start up - ie: the screen comes on (white screen, unless I am lucky enough to get a boot screen for a moment) the fans run, but it takes several attempts at turning it on and off again, and hitting either F12 or F8 (still not sure which one is the one that works) to get to a screen that allows me to repair the Startup and go back to a retore point. The last time this happened it also beeped at me however I would not be able to tell you what the code sounded like (I...panicked somewhat).

However, the restore point was made just after Windows downloaded the updates onto my comouter (I had automatic updates on), and I cannot shut down without my computer wanting to install the updates. So I'm stuck in an endless cycle of downloading these updates, then being forced to restore.

Can anyone help with either finding a way to stop my laptop installing these updates, or does anyone know a way to troubleshoot the updates themselves?


Dell Studio

Windows Version:

7 - Home


Internet/MS Office/Some digital art... Read more

A:Issue with latest Microsoft Patch Update

Read other 7 answers

Hi All,
Your can read about here.

A:Microsoft Releases Patch for Windows Flaw

Run a scan at the Windows Updates site and the KB912919 patch should appear in the critical updates section.

Microsoft has released it 5 days early.


Read other 1 answers


This is a cumulative patch that includes the functionality of all
previously released patches for SQL Server 7.0, SQL Server 2000, MSDE
1.0, and MSDE 2000. In addition, it eliminates three newly discovered

- Named Pipe Hijacking -
Upon system startup, SQL Server creates and listens on a specific
named pipe for incoming connections to the server. A named pipe is a
specifically named one-way or two-way channel for communication
between a pipe server and one or more pipe clients. The named pipe is
checked for verification of which connection attempts can log on to
the system running SQL Server to execute queries against data that is
stored on the server.

A flaw exists in the checking method for the named pipe that could
allow an attacker local to the system running SQL Server to hijack
(gain control of) the named pipe during another client's
authenticated logon password. This would allow the attacker to gain
control of the named pipe at the same permission level as the user
who is attempting to connect. If the user who is attempting to
connect remotely has a higher level of permissions than the attacker,
the attacker will assume those rights when the named pipe is

- Named Pipe Denial of Service -
In the same named pipes scenario that is mentioned in the "Named Pipe
Hijacking" section of this bulletin, it is possible for an
unauthenticated user who is local to the intranet to send a very
large packet to a specific named pip... Read more

Read other answers

Users complain about last week's security updateMicrosoft is investigating reports that last week's Internet Explorer security update has crippled some users' web connection. Users started posting messages to multiple Microsoft support newsgroups almost immediately after Microsoft released the MS07-069 security bulletin on December 11, saying that they were unable to connect to the internet, either because IE refused to open or because when it did open, it could not reach various sites."About 60 percent of the time, I would get an 'Internet Explorer has encountered a problem and must close' dialog,"...both IE6 and IE7 balked at loading, or while loading, some pages, particularly home pages, on both Windows XP and Windows Vista machines...pcadvisor.co.ukEdit in title for Update: Info from MS Security Response Center

A:Internet Explorer Crippled By Microsoft Patch

That's very useful info, quietman7. I've noticed there have been a number of posts here lately from people experiencing just these problems. Would you recommend that folks uninstall that update until such time as a patch or new update is available? Or do you think that whatever security issues it addresses are more important than the problems it apparently creates?


Read other 19 answers

Microsoft is urging users of its Windows 7 operating system (OS) to immediately uninstall a recently-released patch that is reportedly crashing customers' PCs. In some cases, users have been faced with constant system reboots.
The patch was released Tuesday, April 8, 2013, and was part of Microsoft's monthly Patch Tuesday security update. It was issued by Microsoft's Windows Update service but has since been pulled because of reported issues.http://www.infopackets.com/news/bus...crosoft_patch_causes_blue_screen_of_death.htm

Is this related to this thread http://www.techspot.com/community/t...ing-windows-7-security-update-2823324.191521/

Read other answers

Microsoft has announced what vulnerabilities it designs to patch on Tuesday.
According to the company, its Tuesday revise will encompass fixes for nine matters. Three of those matters are "Critical" vulnerabilities, meaning that they can allow cipher execution without any user interaction. The remaining vulnerabilities are labeled as "Important."
whereas all three of of the Critical vulnerabilities center on Windows, one of them furthermore encompasses Internet Explorer 9. Interestingly, the flaw does not extend to previous versions of the browser, so it appears it's something new. after that, the nine patches address flaws in everything from Windows XP Service Pack 3 to Windows Server 2008.
As with previous security bulletins, Microsoft is urging users revise their influenced programs as soon as likely. The business will be holding a Webcast on July 11 to address clientele questions.

VIA: TH3Tech

Read other answers

I'm trying to get rid of the Conficker worm, and so I used this guide: http://www.bleepingcomputer.com/malware-re...nadup-confickerWhen I copied the files into my laptop and attempted to install the microsoft patch it kept saying that it was searching for updates, and then it would say the update does not apply to my system. Why wont it install? I really need it to so I can get rid of Conficker!P.S. I'm on vista.

A:Microsoft MS08-067 Patch Won't Install!Moved to AII

Hello.Please run MBAM first.Download and run MalwareBytes Anti-MalwarePlease download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on Download_mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".Click OK to close the message box and continue with the removal proce... Read more

Read other 1 answers

Microsoft today said it will deliver its largest-ever number of security updates on Tuesday to fix flaws in every version of Windows, as well as Internet Explorer (IE), Office, SQL Server, important developer tools and the enterprise-grade Forefront Security client software.Among the updates will be the first for the final, or release to manufacturing, code of Windows 7, Microsoft's newest operating system.The company will ship a total of 13 updates next week, eight of them pegged "critical,"...http://www.computerworld.com/s/article/913...k?taxonomyId=17

A:Microsoft plans monster Patch Tuesday next week

Yowza. That's a lot. I'd better get my DSL installed before I update. ~ OB

Read other 6 answers

​Today is the second Tuesday of the month, and that can only mean one thing: it's Patch Tuesday, or the day where Microsoft releases updates for all supported versions of Windows. In a blog post today, the company noted that it's broadening the range of devices that will receive Spectre and Meltdown mitigations, as it's removing the anti-virus compatibility check.

The Windows 10 cumulative updates that are available today are only for PCs, which is a bit out of character for Patch Tuesday. Usually, phones get some love too; however, last month, Microsoft waited an extra day, so we may see those updates tomorrow.

If you're on the Windows 10 Fall Creators Update, or version 1709, you'll see KB4088776, or build 16299.309. That can be manually downloaded here, and it contains the following fixes:

Addresses issue where Internet Explorer stops working when using F12-based developer tools.
Addresses issue with printing XML documents with Internet Explorer and Microsoft Edge.
Updates legacy Document Mode cell visibility in Internet Explorer.
Addresses issue with pinch and zoom gestures on some hardware in Internet Explorer.
Addresses issue where Internet Explorer is unresponsive in certain scenarios when a Browser Helper Object is installed.
Addresses issue to prevent media and other applications from becoming unresponsive or failing when upgrading graphics drivers.
Addresses issue where customers receive "Check your account, you don't own ... Read more

Read other answers

Hi, I have a mixture of Windows 7 and Windows 10 machines on my work network all Intel. Today they started to install the Microsoft Spectre Patch for Windows 7 KB4056894 and
Windows 10 KB4056892. All the computers the have installed on sart to display that the copy of Windows is not Genuine Windows, I reboot them and then it goes to the Windows Startup repair and t can repair the computer at all. Also the Reset feature in Windows
10 won't even reset. I've had to disable Microsoft Updates via GPO, but even when I did that it still installed! I've had to disable the Microsoft Update Service using GPO also to counteract this. It's turning in to nightmare, does any one have experience
with this as I need to advice so I don't has to go to all machines around my sites and re-image them. All help would be most appreciated.

Read other answers

Hey All,
Walked into complete chaos today at the office...seems like a Microsoft patch that was automatically updated on my users machines completely messed up their video settings.
The Dell GX270s would all boot up but then go blank after XP logo screen. As far as I can figure out, some new driver update threw the integrated Intel video driver out of whack causing it to use a resolution that the crt monitors can't handle. So far I have had to reinstall the intel driver and overwrite what was automatically installed.

Anyone else run into this today?


A:Latest Microsoft Patch and Intel Video Chip

Yep, here too. Intel chipset video cards. So far I've gotten two calls, fixed one with a system restore. Other one I'm waiting for a callback.

Haven't had any problems with Windows Update for a looooong time....guess it's inevitable to have glitches. <sigh>

David Troesch

Read other 4 answers

Microsoft on December 8 expects to push out six patches to address 12 vulnerabilities as part of its monthly security update, the company announced.

The fixes ? three are rated ?critical,? the rest are labeled ?important ? will address bugs in Windows, Internet Explorer (IE) and Microsoft Office, according to an advance notification released on December 3.

The update plans to address at least one known zero-day vulnerability, an issue impacting IE versions 6 and 7. Microsoft confirmed the flaw, rated critical on all Windows platforms except Server 2008, in an advisory it released late last month.

?We know that customers are concerned about this issue, and we are also aware that proof-of-concept code is available publicly,? a senior security program manager at Microsoft wrote on November 30 in a blog post.

Experts at Rapid7, a vulnerability management firm, said organizations should make this patch a priority. The other critical bulletins set to be released impact Windows and Microsoft Project, a project management software program for Office.

Apparently not slated for repair is a zero-day vulnerability in the Server Message Block (SMB) protocol, according to an advisory released last month.

The company said successful exploitation of the flaw, which affects Windows 7 and Server 2008 Release 2, can lead to a denial-of-service that results in a system crash ? but not the injection of malicious code.Exploit code has been published, but Microsoft is not aware of... Read more

A:Microsoft slates six fixes for decade’s final Patch Tue


Read other 2 answers

I am being swamped with what I thought were actual Microsoft emails regarding critical security downloads and each email that was scanned contains a virus.

What is going on? The email looks so" Microsoft "official. I cannot tell that it is phoney but thank goodness I have anti-virus installed.

I want to block these emails now as I have several from this bogus site...If I filter Microsoft, I may miss a real important update.

A:Microsoft bogus emails re critical patch updates

Read other 7 answers

Microsoft has today released a critical out-of-band security update for all supported versions of Windows, addressing a serious flaw that could potentially lead to remote code execution on unpatched systems.

Read more

A:Microsoft releases critical security patch for Windows

"Gee Wally, I didn't think Windows 10 would ever need any security patches because everybody is always screaming how secure it is already. What's going on Wally?".

"You believed what Microsoft said Beaver. That was your first mistake".

Same ole whack-a-mole game. No reason to move off Windows 7 yet that I can see.

In fact, if you think about it, the more popular post "Windows 7" operating systems become the more likely they are to be the main targets of hackers. Which means less attacks on older operating systems which means, older operating systems will be more secure by default. Because nobody is concerned about them anymore. Ah, I can sleep soundly tonight.

Now...where were those people calling for the death of Adobe Flash again?
Do we call for the death of Windows 10 now? Or do you wanna wait a month until the next security breach is discovered?


Let the hacking begin.

Read other 12 answers

There has been some information collected on the issue. It appears there is an incompatibility with the touchscreen driver (from Wacom) and the latest Windows 10 Creator Update.  This thread has indicated that Lenovo is aware of the issue, but is waiting for Microsoft to release a patch. I will not mark this topic solved until they provide a working solution. https://forums.lenovo.com/t5/Lenovo-Yoga-Series-Notebooks/Yoga-720-Touchscreen-Not-Functional-Wacom-...

Read other answers