Hunter Strategies LLC logo

Microsoft News Tracker

What's more interesting than observing Microsoft?

January 5, 2006

Microsoft releases WMF security patch early

Posted by David Hunter at 5:03 PM ET.

Contrary to it’s earlier statement, Microsoft decided to release a fix today for the flaw in the handling of WMF files that had exposed the security of all recent versions of Windows. According to the Microsoft press release:

On Tuesday, Jan. 3, 2006, Microsoft Corp. announced that it would release a security update to help protect customers from exploitations of a vulnerability in the Windows® Meta File (WMF) area of code in the Windows operating system, in response to malicious and criminal attacks on computer users that were discovered last week.

Microsoft will release the update today, Thursday, Jan. 5, 2006, earlier than planned.

Microsoft originally planned to release the update on Tuesday, Jan. 10, 2006, as part of its regular monthly release of security bulletins, after testing for quality and application compatibility was complete. However, testing has been completed earlier than anticipated and the update is ready for release. In addition, Microsoft is releasing the update early in response to strong customer sentiment that the release should be made available as soon as possible.

The associated Microsoft Security Advisory 912840 has been updated and somewhat puzzlingly now has this disclaimer:

Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) were previously listed as affected, but are no longer listed. Why is that?

Although Windows 98, Windows 98 Second Edition, and Windows Millennium Edition do contain the affected component, at this point in the investigation, an exploitable attack vector has not been identified that would yield a Critical severity rating for these versions. Per the support life cycle of these versions, only vulnerabilities of Critical severity would receive security updates.

For Windows 2000, XP, and Server 2003 however, the patch is available from the usual locations including Windows and Microsoft Update.

Filed under General Business, Patch Tuesday, Public Relations, Security

Related posts:


3 Responses to “Microsoft releases WMF security patch early”

  1. Microsoft News Tracker » Weekend Microsoft News Roundup Says:

    [...] Private label Windows patches: Then since Microsoft declined to patch the WMF vulnerability on Windows 98 and ME (more here), tech guru Steve Gibson has offered to do it himself. Steve also reports that the official Microsoft patch was effectively the same as the “unofficial” patch from Ilfak Guilfanov. The way this whole thing was handled had Microsoft defending itself on Friday. [...]

  2. Microsoft News Tracker » Vista slippage and more buzz Says:

    [...] Speaking of CTPs, over the weekend came the news that Microsoft Ships First Vista Security Patches for the December CTP. They fixed the WMF vulnerability that drew so much comment earlier in the month and which apparently affected Vista as well. [...]

  3. Everyone is patching IE but Microsoft -- Microsoft News Tracker Says:

    [...] As Yogi Berra said, it’s like deja vu all over again. If you don’t follow any of the links in the next paragraph, it reads like the WMF exploit of two months ago, but it actually is the latest Internet Explorer nasty. Here’s the plot: [...]

News Search:

Recent Posts:

Daily Digest Email:

Enter your Email

Powered by FeedBlitz


Full category list


Archive List

RSS Feed:

HunterStrat Links:


  • Powered by WordPress.