Official WMF Vulnerability Patch
January 6, 2006
Microsoft has released an official patch for the Windows WMF vulnerability — a little ahead of their official schedule, and a little behind when it probably should have come out.
The patch and details are available here.
The SANS Internet Storm Center has recommendations on how to apply this update, including how to uninstall the previous unofficial patch and re-register the DLL that had the problem in the first place. Details are here.
The SANS instructions are a little complicated, since they are written for both individual users and administrators of multiple systems.
If it’s just your own machine, and you followed the instructions in the previous post, here is a simplified set of instructions for replacing the unofficial patch with the official one, and re-registering the DLL that you unregistered.
- Reboot
- Download the patch for your version of Windows from here and install it.
- Go to Control Panel | Add Remove Programs and remove the unofficial hotfix. It’s titled “Windows WMF Metafile Vulnerability HotFix” (there will probably also be a version number). You’ll probably be prompted to reboot afterwards; you can, or you can go on and reboot after the next step.
- Click on Start | Run and enter
“regsvr32 %windir%\system32\shimgvw.dll” (without the quotes)
You’ll get a little dialog telling you that registering the DLL succeeded.
- Reboot your machine (particularly if you did not do so after uninstalling the unofficial patch).
After this, you should be good to go until the next ordeal!
Windows WMF Vulnerability — Heads up!
January 2, 2006
Update — Microsoft has released an official patch; you can go here to read more details, including how to uninstall the unofficial patch and re-register the DLL the instructions below had you unregister.
There has been a lot of talk in the last week about the new WMF vulnerability in Windows. Unfortunately, if you’ve been living on a desert island — or just taking a little time away from the computer celebrating the holidays — chances are that you may not have heard of it.
In brief, there is a newly discovered and un-patched vulnerability (what is called a “zero day” vulnerability) in Windows that can allow a seemingly innocent image to execute code on your computer.
Let me put this in a bit more blunt terms — imagine loading a web page (even a perfectly innocuous-looking web page that you visit often) and an image — perhaps even a single-pixel white dot on a white background — causes your computer to load up lots of spyware, spawn ads all over the place, capture your information when you type in passwords or credit card information, send out spam without you knowing it, damage your data, and infect other computers in your local network.
Now imagine that you’re not imagining.
Simple Rsync for Windows (How To)
December 28, 2005
Rsync is one of those magic tools. What it does is to keep two directories (typically on two different machines) the same.
Let’s say you want to back up your “my documents folder” every night to a server across a network. Rsync will take any new documents you’ve added, and put them in your folder on the server. It’ll also delete any documents you’ve deleted (if you tell it to.)
That’s pretty simple, and there are many ways of doing that.
Where Rsync shines is that it will do it with parts of files — let’s say you have a 3 gigabyte file that gets a little update each day. Instead of deleting the backed up copy and sending a new 3 gigabyte file, Rsync is smart enough to just send the parts that have changed.
It doesn’t have to know anything about what the file is — it can do it with a Word document, a spreadsheet, a database, etc.
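How "just send the parts that have changed" can work, as an added example that is not from the original post and is not rsync's own code: a simplified block-matching delta in the style of the rsync algorithm. The block size, the function names, SHA-256 as the strong hash and the sample data are assumptions made for the illustration.

```python
import hashlib

BLOCK = 4  # tiny block size so the demo is readable; real transfers use far larger blocks

def weak_sum(data: bytes) -> int:
    """Cheap checksum for finding candidate matches (rsync rolls it; here it is recomputed)."""
    a = sum(data) & 0xFFFF
    b = sum((len(data) - i) * x for i, x in enumerate(data)) & 0xFFFF
    return (b << 16) | a

def signature(old: bytes) -> dict:
    """Receiver side: checksum every block of the copy it already holds."""
    sig = {}
    for idx in range(0, len(old), BLOCK):
        block = old[idx:idx + BLOCK]
        sig.setdefault(weak_sum(block), []).append((hashlib.sha256(block).digest(), idx // BLOCK))
    return sig

def delta(new: bytes, sig: dict) -> list:
    """Sender side: ('copy', block_no) for data the receiver has, ('data', bytes) otherwise."""
    ops, literal, pos = [], bytearray(), 0
    while pos < len(new):
        window = new[pos:pos + BLOCK]
        strong = hashlib.sha256(window).digest()  # confirms a weak-checksum candidate
        match = next((n for s, n in sig.get(weak_sum(window), []) if s == strong), None)
        if match is None:
            literal.append(new[pos])  # no block starts here: ship this byte, slide by one
            pos += 1
            continue
        if literal:
            ops.append(("data", bytes(literal)))
            literal.clear()
        ops.append(("copy", match))
        pos += len(window)
    if literal:
        ops.append(("data", bytes(literal)))
    return ops

def patch(old: bytes, ops: list) -> bytes:
    """Receiver side: rebuild the new file from its old copy plus the delta."""
    out = bytearray()
    for kind, arg in ops:
        out += old[arg * BLOCK:(arg + 1) * BLOCK] if kind == "copy" else arg
    return bytes(out)

# Constructed sample: two bytes inserted into the middle of a 16-byte "file".
OLD = b"AAAABBBBCCCCDDDD"
NEW = b"AAAABBBBxyCCCCDDDD"
```

For the sample pair, the delta carries only the two inserted bytes as literal data; everything else is a reference to a block the receiver already has.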
IE Security hole worse than feared
November 29, 2005
Just to put a cherry on top of the whole “Firefox 1.5 has been released” thing, if you’re still using Internet Explorer, you should go read this:
IE Flaw Is Worse Than Expected.
There’s a lot of geek-talk on that page, but the upshot of it is, if you’re a Windows user using Internet Explorer, any website you visit could be used by a malicious user to execute anything on your computer. Like reformat your drive. Or mail your Quicken account data to someone.
There is no fix for this yet.
Scary Stuff.
CableCARD uncertainty setting in?
November 28, 2005
Apparently a few other people are now wondering whether CableCARD support is going to really be available outside of designated pre-built MCE systems…
Ed Bott writes in CableCARD and Media Center PCs: More questions than answers:
Does this mean that CableCARD-ready Media Center PCs will only be available from name-brand PC makers? If so, this is an unwelcome step backwards. The best news of last year was Microsoft’s move to make OEM copies of its Media Center software available to enthusiasts rather than forcing them to buy pricey name-brand systems.
The ideal solution will allow users on any Windows PC (assuming it meets the Media Center specs) to upgrade to Windows Vista, add a compatible TV tuner and CableCARD decoder. Expect screams of anguish if people buying high-powered PCs in the next year discover that there’s no CableCARD upgrade path.
No kidding.
There’s a bit of vague handwaving in the comments by some of the usual suspects, but the real question is becoming the same question we’re used to seeing where DRM is concerned, namely “How bad did the users get sold out to the content holders in order to make this happen?”
There’s plenty of evidence of other manufacturers drastically affecting the user experience in order to make the CableCARD powers that be happy.
What makes us think Microsoft will be any different?
CableCARD and DRM
November 21, 2005
While I’m thrilled to see Microsoft’s announcement of CableCARD support coming to Windows Media Center next year, I still get a little nervous as to how all of the digital rights management issues are going to work out.
‘Cuz things aren’t exactly rosy on the CableCARD front, even without involving DVRs.
For example, check out this thread over on the AVSForum’s Plasma and LCD forum:
Panasonic Policy prohibiting digital audio out with Cable Card?
The upshot of it is that owners of Panasonic plasma TVs with CableCARD support are finding that their digital audio output is disabled whenever the cable company sets a flag indicating that a channel contains “high value” content — basically, any time you’re viewing anything other than locals.
New Options – SageTV 4, Beyond TV 4
November 10, 2005
Just as I start to get my MCE box back stabilized, there are starting to be a lot of tempting new options. SageTV has released version 4 of their PVR system, and SnapStream is now shipping Beyond TV 4.
Both now support HDTV, although each has (as always) a bit of their own spin, and like MCE, both are still limited to recording OTA (over-the-air) HD.
Hopefully someone will soon give us some detailed comparisons of them in use; I’m tempted to do it myself, but I won’t have time to even start such a thing for another couple of weeks.
Sage TV Version 3 Now in Beta
July 25, 2005
The next generation of Sage TV is now in beta, with some interesting new features — plus HD recording and playback to come…
A more complete list of changes will be available later, but for now, here are some of the v3 changes, in no particular order:
More MCE Keyboard Info
July 12, 2005
More info on the new MCE Keyboard, from Chris Lanier.
Additional highlights include “spill-resistant” keyboard (hey, that means it’s livingroom friendly!), a “key lock” feature to keep buttons from being inadvertently pushed, TV Power and Volume Control, and a 30 foot range.
Available in September.
Chris links Microsoft’s consumer page, Google’s cache of an OEM info page, and a Flash demo.
No official word anywhere of it using the same remote receiver, but apparently a new update for the existing remote receiver includes support for the new keyboard, so I suspect that means it all works together.
I’m looking forward to this one.
Microsoft Remote Keyboard for MCE
July 12, 2005
Engadget has a preview of a new Microsoft Remote Keyboard for Windows XP Media Center Edition.
Infrared, touchpoint mouse, backlit buttons and the requisite little green MCE button, for “under $100”.
If this will work with the same remote receiver as the MCE Remote, I can finally retire my trusty old “Airboard” and its receiver, and clean up my installation a bit.


