Or someone else will.
Joris Evers at CNET, 12:48 PM PST – Microsoft to hunt for new species of Windows bug:
Microsoft plans to scour its code to look for flaws similar to a recent serious Windows bug and to update its development practices to prevent similar problems in future products.
The critical flaw, in the way Windows Meta File images are handled, is different than any security vulnerability the software maker has dealt with in the past, Kevin Kean and Debby Fry Wilson, directors in Microsoft’s Security Response Center, said in an interview with CNET News.com. Typical flaws are unforeseen gaps in programs that hackers can take advantage of and run code. By contrast, the WMF problem lies in a software feature being used in an unintended way.
In response to the new threat, the software company is pledging to take a look at its programs, old and new, to avoid similar side effects.
Joris Evers at CNET, 5:39 PM PST – More WMF problems for Microsoft:
Just days after Microsoft rushed out a patch to fix a critical Windows flaw related to the processing of Windows Meta File images, two more problems with the component were flagged.
The newly disclosed issues could be a conduit for denial-of-service attacks, according to a description sent to the Bugtraq mailing list on Monday. A core function of the Windows operating system, explorer.exe, will crash a vulnerable Windows PC if a user views a specially crafted WMF image, according to the description. Explorer runs the Windows user interface, including the Start menu, taskbar, desktop and file manager.
Apparently Microsoft was aware of the vulnerabilities and is evaluating a fix for the next service pack because they are considered to be performance, not security problems.