iEntry 10th Anniversary RSS Archive

IT Management Begins With Security
SecurityProNews > Insider Reports > Insider > Windows Vista Security Update: WMF Lives On
Search:
[ insider_reports_insider ]

Windows Vista Security Update: WMF Lives On



John Stith
Staff Writer
2006-01-17

SecurityProNews: Insider Reports Insider Reports RSS Feed


The WMF issue has been a real thorn in the side of Microsoft. The kids in Redmond plopped out their first update for Windows Vista and it appears to be for the same problem wit the WMF images that riddle other versions of Windows.

The Thorn in Microsoft's Side
The Thorn in Microsoft's Side

At this point, Microsoft is claiming Vista is their most secure version of Windows yet. Based on the previous track records, that wouldn't take much. This patch fixes a bug in Window's graphic rendering engine (sound familiar) and how it processes the WMF images.

According to Microsoft's update, "a remote code execution security issue has been identified in the Graphics Rendering Engine that could allow an attacker to remotely compromise your Windows-based system and gain control over it." As TechWeb points out, that language is very similar to language used in the update MS06-001.

Microsoft admitted they've known about the WMF issue for years but it was part of a system and the problem wasn't originally considered as such. It was designed in intentionally. The problem though is that it did create a big vulnerability. It could be a big issue in Vista if it isn't corrected or removed completely.

The SecuriTeam blog goes into an interesting discourse on why Microsoft failed to fix a problem they identified some years ago. They suggest Microsoft's problem is their size. In a company as large as Microsoft, with upwards of 50,000 people, sometime it's difficult to get things done by the time all the departments and offices involved get a chance to consider the problem and why it even is a problem:

Microsoft is a big corporation with completely different smaller "companies" inside of it.
Imagine (as in fiction) the VP in charge of the development of Internet Explorer knowing of this vulnerability.

To fix it he needs the cooperation of a completely different department, as well as pass through bureaucracy. Further, he needs to possibly convince people to/of:
- Mess with legacy code written years ago, that currently works.
- Explain a security issue to people who don't really understand what the fuss is all about.
- Explain why a feature, put in there by design, was a vulnerability and has to be removed while it so far has been fine, and removing it might just break stuff.


Add to | DiggThis | Yahoo My Web





About the Author:
John is a staff writer for SecurityProNews covering cyber security.

More insider_reports_insider Articles

SecurityProNews: Insider Reports Insider Reports RSS Feed

Get Your Site Submitted for Free in the World's Largest B2B Directory!

Email Address:
* URL:
*
*Indicates Mandatory Field

Terms & Conditions

iEntry Featured Services: Jayde Member Services | Forums | Freeware | Advertise with Us

Contact Us | Advertise | Newsletter Archive | Sitemap | Submit an Article | News Feeds
SecurityProNews is an iEntry, Inc.® publication - $line) { echo $line ; } ?> All Rights Reserved | Privacy Policy and Legal		 Join the WebProWorld Forums: Click Here
Virus Warnings

Subscribe to
SecurityProNews FREE!


[ more newsletters ]

Featured On:
article resources
Search Articles:
[advanced search]

WebProWorld.com
Get in-touch with industry experts and leaders
Post your site for review by expert and peers
Ask Security, IT, Development and Design questions

Free Membership: Join Now!

Visit WebProWorld.com

Titan Quest Forum
The #1 Titan Quest forum
Halo 3 Forum
The best Halo, Halo 2, Halo 3 forum
Nintendo Wii
Nintendo Wii news and views
Mac Software
The best in OS X freeware
Graphics Forum
Your source for graphic tutorials
SecurityProNews.com | Breaking eBusiness News Get Your IT Questions Answered - Click Here SecurityProNews News Feeds