[ insider_reports_insider ]
WMF: The Fix Is In
John Stith
Staff Writer
2006-01-06
 Insider Reports RSS Feed
Late on Thursday afternoon, Microsoft put out an announcement they would be releasing their patch for the WMF exploit that afternoon. By about 4:30 pm EST, they started the distributing the patch. This was crucial for Microsoft, who had already been beaten to the punch by a third party developer.
 | | Microsoft Patches Latest Windows Security Hole |  |
This whole thing turned into a public relations disaster for a company normally pretty good with the PR thing. They were outmaneuvered on this one by Ilfak Guilfanov, who developed an unofficial patch for the WMF flaw. Microsoft's patch looks remarkably like the one Guilfanov released days before.
After some research, looking at the words of various experts on their blogs on this issue, there are some conclusions to be drawn from this. First, is that while Microsoft did release the patch early, it should've been out quicker. The SecuriTeam blog pointed out that, "When Microsoft wants to, it can."
They also pointed out the patch does exactly the same thing Guilfanov's patch did, disallowing SETABORT. Microsoft rearranged things a bit, but it's still essentially the same. Also, a number of security software firms also had blocks against possible exploits before Microsoft released their patch.
This is a good time though, particularly at the beginning of the new year, for folks to really assess their security for their computer system, whether a stand-alone home unit or an office full connected to a massive server. Zero-day exploits will occur again. This means it's crucial for individuals and companies to take care to make sure their systems are updated, not to open unknown attachments, and be wary of websites and unsolicited emails.
About the Author:
John is a staff writer for SecurityProNews covering cyber security.
More insider_reports_insider Articles
Insider Reports RSS Feed
|
|
iEntry 10th Anniversary
RSS
Archive
