Diferencia entre revisiones de «Microsoft publica un parche de emergencia para la vulnerabilidad de los archivos WMF en Windows»

Cinco días antes de lo previsto, Microsoft publicó este jueves (5) un parche para corregir la vulnerabilidad en los meta-archivos de Windows (WMF por sus siglas en inglés) descubierta hace más de una semana y que deja abierta la puerta para que algún hacker controlara de forma remota cualquier equipo con Microsoft Windows instalado.

Esta noticia es una obra derivada de «Microsoft releases emergency patch for WMF exploit), realizada originalmente por reporteros de Wikinoticias en idioma no definido en la plantilla {{getlang}}, [//es.wikinews.org/w/index.php?title=Plantilla:Getlang&action=edit añádelo] y disponible bajo la licencia Creative Commons Atribución 2.5 Genérica.

La efectividad de este parche "oficial" no ha sido confirmada aún.

Microsoft has made available patches for all currently supported versions of their Windows operating system. However, the Windows 98, Windows 98 Second Edition, and Windows Millenium Edition versions have not – at this time – had patches issued for this vulnerability. According to Microsoft, these versions contain the vulnerable software component but, "the vulnerability is not critical because an exploitable attack vector has not been identified that would yield a Critical severity rating for these versions."

Current versions of Windows, including Windows XP and Windows Server 2003, depending on configuration, may prompt users to download or install this update automatically for those computers currently connected to the Internet. This is the preferred method of protecting your computer from this vulnerability.

Other users are advised to visit Microsoft Windows Update to obtain this security patch, if they are unable to obtain the patch or are unsure whether they have it.

Previous methods of protection included unregistering shimgvw.dll to disable handling of Windows MetaFiles, as per Microsoft's security advisory. Since it does not correct the underlying problem, it is unlikely that this method is recommended any longer.

Other methods included Ilfak Guilfanov's unofficial patch, which was not advised by Microsoft, but served as a measure to mitigate the immediate effects until an official patch was released. Guilfanov has now noted that the patch is no longer needed.

Este artículo está en progreso. Se te invita a colaborar editándolo. Cuando quieras publicarlo, reemplaza {{En progreso}} por {{Revisar}} para que un editor/revisor se encargue de revisar el artículo. Editar Solicitar una revisión