X
Tech
Home Tech Security

Alternative sites for the WMF patch and Microsoft's response to the exploit

Is the WMF exploit being overblown? Is Microsoft under-reacting?
Written by Suzi Turner, Contributor

It seems that Ilfak Guilfanov's site is down due to excessive bandwidth use.  Ilfak Guilfanov is the programmer who has created an unofficial patch for the WMF exploit, and perhaps the only reliable method of prevention right now. The patch is now available at SunbeltBLOG and at security site CastleCops thanks to Paul and Robin Laudanski.  The Hotfix checker can be found at both sites as well. CastleCops has set up a support forum and Ilfak himself is providing assistance there.

Btw, if you're wondering who Ilfak Guilfanov is, he's said to be a brilliant programmer and is the main developer of IDA Pro from DataRescue. I thank him for this patch.

So now the holidays are over and the folks in Redmond are back to work. What is Microsoft saying about the WMF exploit? 

Although the issue is serious and the attacks are being attempted, Microsoft's intelligence sources indicate that the scope of attacks is limited.

SANS handler Tom Liston takes great exception to Microsoft's response. Read Oxy-morons.

"...Microsoft's intelligence sources..."?!?

Go ahead and laugh.  I'll wait.

Through?  O.K.

While all of the rest of us were sleeping, it appears that the propeller-heads working on Billy Wonka's Official Microsoft Research and Development Team have been hard at work creating a crystal ball capable of foretelling the future.  The only problem: it appears that they made it from rose-colored crystal.

SANS has posted PDF and PowerPoint files showing how the WMF exploit works and why you should use the patch. Microsoft says they offer free 24-hour phone support for security-related problems. If you've been infected by this exploit, I'd suggest calling Microsoft.  No-Charge Support 1-866-PCSAFETY or 1-866-727-2338.

Is this exploit being overblown? Perhaps, but I tend to think not. We'll know only in retrospect. Is Microsoft under-reacting? Perhaps so. Last year this time, we saw the Windows Media Player exploits and Microsoft danced around that one for a long time before issuing a proper fix.

But then one has to wonder -- Is Microsoft damned if they do and damned if they don't?  I think the answer to that is a resounding Yes.

Editorial standards
Show Comments

Related

Logitech Mevo Core Streaming camera on a tripod on set

I fly 10 times a year. These 5 tech gadgets are lifesavers

West Virginia bridge in spring time

4 ways to connect to the internet for less after the Affordable Connectivity Program expires

Copilot in enterprise hero images

How one company's employees use Microsoft Copilot to avoid the worst part of meetings