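The vulnerability that appeared on the last day of last year finally got a patch this morning. Otherwise, a bunch of security experts had even put out an unofficial patch for it... because they were getting anxious.
My home computer needs to be restored too... Earlier, because of this hole, I had even unregistered and renamed shimgvw.dll.
Three pieces of exploit code appeared on the same day. Although two of them were released by the PT project, the third was actual attack code. Also on that same day, websites in some regions already had attack pages.
Whether just viewing an image can get you into trouble is, as it looks now, hard to say.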
Microsoft released the patch as security professionals started to take the software giant to task for what they perceive as a slow response to a critical security issue. The flaw in the WMF format concerned many security experts over the holidays because the vulnerability can be exploited in Internet Explorer by serving up specially-crafted images from a malicious Web site. The Mozilla Corporation’s Firefox browser does not immediately run code but reportedly asks permission to display the malicious images.
PS: There is a fairly detailed explanation here (PDF): WMF: patches and workarounds explained