 |
As mentioned yesterday, a public head of steam is building up around the very serious security vulnerability in Windows’ handling of WMF files. Microsoft attempted to relieve the pressure today with a press release that said hang on, the cavalry will be coming on this month’s regular Patch Tuesday (January 10). The relevant security bulletin was similarly updated. Unsurprisingly, they are not encouraging installation of the unofficial third party developed patch. I guess it’s going to be a race to see if any malefactors come up with an exploit that gets traction before the patch arrives.
January 5th, 2006 at 5:04 PM
[...] Contrary to it’s earlier statement, Microsoft decided to release a fix today for the flaw in the handling of WMF files that had exposed the security of all recent versions of Windows. According to the Microsoft press release: On Tuesday, Jan. 3, 2006, Microsoft Corp. announced that it would release a security update to help protect customers from exploitations of a vulnerability in the Windows® Meta File (WMF) area of code in the Windows operating system, in response to malicious and criminal attacks on computer users that were discovered last week. [...]
September 22nd, 2006 at 2:37 PM
[...] There’s another serious zero-day Microsoft security exploit in the wild hitting Internet and Outlook and the citizens are taking matters into their own hands instead of waiting for the Microsoft cavalry. I think I’ve heard this story before. Maybe twice. The twist is now that the citizens are more organized as Ryan Naraine reports at eWeek: A high-profile group of computer security professionals scattered around the globe has created a third-party patch for the critical VML vulnerability as part of a broader effort to provide an emergency response system for zero-day malware attacks. [...]