Unofficial Patch for Windows Flaw
Security experts are urging Windows users to apply a non-Microsoft-issued software patch to fix an extremely dangerous bug that has exposed hundreds of millions of the operating system's users to spyware and viruses.
Tom Liston, an Internet security consultant with Washington-based Intelguardians and an incident handler with the SANS Internet Storm Center, pleaded with Microsoft users to feel at ease installing the patch, which he said SANS had reverse-engineered, reviewed and vetted to ensure it fixes the problem and does nothing else.
"To the best of my knowledge, over the past 5 years, this rag-tag group of volunteers hasn't asked for your trust: we've earned it," Liston wrote. "Now we're going to expend some of that hard-earned trust. This is a bad situation that will only get worse. The very best response that our collective wisdom can create is contained in this advice -- unregister shimgvw.dll and use the unofficial patch. You need to trust us."
The folks over at Finnish antivirus company F-Secure also have been chronicling the threats taking advantage of this new vulnerability, and they also urge users to install the patch from Guilfanov.
It's a pretty remarkable statement about the security community's assessment of the threat from this flaw that they would urge users to install a non-Microsoft patch. Hardly a month goes by when we don't warn about some virus or worm going around masquerading as a patch from Redmond.
I haven't seen any reports of this patch causing any trouble for those who've installed it, but of course, use the patch at your own risk. You can download it from here.
SANS's Liston said it doesn't appear that Microsoft Corp. will issue a fix for this problem before Jan. 10, its next regular monthly patch release date. SANS's recommendation comes hours after the emergence of an instant-message worm that's now exploiting the Windows flaw.
It looks like this patch could be difficult to deploy over large networks, as it must be applied manually at each machine. As a result, Liston said SANS is working on creating a different installer for the patch that would offer the ability to install the patch remotely.
I have to say I'm surprised that Microsoft has not yet issued an official fix for this. My guess is that if they wait until a week from Tuesday to ship an update, it will cost them dearly in terms of current and potential future customers.
Update, 8:00 p.m. ET, Jan. 3: Looks like Guilfanov's site has surpassed its allotted level of monthly Web traffic from all the attention his patch is getting. SANS has set up a mirror of the patch on their site, which is downloadable here.