Microsoft News Tracker

What's more interesting than observing Microsoft?

January 2, 2006

Windows WMF vulnerability state of play

Posted by David Hunter at 9:27 AM ET.

Brian Krebs at the Washington Post has a useful review of where things currently stand with the Windows WMF vulnerability (mentioned here last week) and the unofficial patch that is available. In a nutshell, the antique WMF file format (dating back to Windows 3.0) has left Windows wide open, and while knowledgeable folks are waiting with trepidation to see which of the lowlifes walks in first, some have taken matters into their own hands to formulate a defense. Krebs:

I have to say I’m surprised that Microsoft has not yet issued an official fix for this. My guess is that if they wait until a week from Tuesday to ship an update, it will cost them dearly in terms of current and potential future customers.

And speaking of public relations, Microsoft’s Robert Scoble links to a Channel 9 post where the discussion makes it clear that there won’t be any unofficial advice from Microsoft employees. Generally, there’s nothing worse than “informal” security advice and I realize the difficulties in creating the “official” patch, but from a public relations standpoint it really doesn’t look good that it seems to be a band of volunteers that is manning the barricades and doing an excellent job of it.

One other thought – despite some commentary I have seen that this vulnerability spells the end of Windows 98 systems connected to the Internet, Windows 98 will still receive official Microsoft security patches until June 30, 2006 and should be covered by the official fix when it arrives.

Filed under General Business, Patch Tuesday, Public Relations, Security

2 Responses to “Windows WMF vulnerability state of play”

  1. Microsoft News Tracker » Microsoft issues statement on WMF vulnerability Says:

    [...] As mentioned yesterday, a public head of steam is building up around the very serious security vulnerability in Windows’ handling of WMF files. Microsoft attempted to relieve the pressure today with a press release that said hang on, the cavalry will be coming on this month’s regular Patch Tuesday (January 10). The relevant security bulletin was similarly updated. Unsurprisingly, they are not encouraging installation of the unofficial third party developed patch. I guess it’s going to be a race to see if any malefactors come up with an exploit that gets traction before the patch arrives. Posted @ 2:09 pm. Filed under Security, General Business, Public Relations   [Permalink] [...]

  2. Microsoft News Tracker » Microsoft releases WMF security patch early Says:

    [...] Contrary to its earlier statement, Microsoft decided to release a fix today for the flaw in the handling of WMF files that had exposed the security of all recent versions of Windows. According to the Microsoft press release: On Tuesday, Jan. 3, 2006, Microsoft Corp. announced that it would release a security update to help protect customers from exploitations of a vulnerability in the Windows® Meta File (WMF) area of code in the Windows operating system, in response to malicious and criminal attacks on computer users that were discovered last week. [...]
