Experts praise Microsoft's patching effort

Microsoft released a patch for the vulnerability outside of its regular patching cycle and only nine days after the flaw's public disclosure. The vulnerability, which affects all versions of Windows and is described in Microsoft security bulletin MS06-001, can be exploited when a victim views a maliciously crafted image file.

Neal Wise, partner of Sydney-based security consultancy Assurance.com.au, admitted that the flaw was dangerous but praised Microsoft for dealing with the problem so quickly: "It is interesting when a new class of attack is introduced during the holiday season and nobody is around to react -- it is deliberate without a doubt. I am impressed that given the time of year, Microsoft got engineering people in and got a patch out".

James Turner, security analyst at Frost & Sullivan, told ZDNet Australia  that he was impressed by the speed of Microsoft's response: "Nine days for something fairly deep like this is very impressive."

According to Turner, users should not expect complex software to be fault free.

"People are expecting vendors to put out software that is completely fault free. It is almost like Australia trying to defend its coastline. As soon as you put the coast guards or navy at one point then someone will land a boat on another part -- there is a lot of stuff to defend.

Microsoft's chief security advisor Peter Watson said on Monday morning that not even one Australian customer has contacted the software giant to report a successful exploit of the flaw.

"I have just checked again with our Microsoft Australia customer support staff, I can let you know that as of this morning Microsoft Australia has still not been contacted by any customers whose systems have been affected by the Windows Meta File (WMF) exploitation," said Watson.

A spokesperson from anti-virus firm Sophos concurred, saying that at the end of business on Friday there were still no reported exploits of the flaw in Australia.

However, some ZDNet Australia  readers say they have been affected.

One reader claimed to have received "dozens of e-mails" containing links to infected image files: "I saw people posting them on forums to try to hack others," the reader wrote.

Michael Warrilow, director of Sydney-based consultancy Hydrasight, told ZDNet Australia  that he is sceptical that no users have been affected and believes Microsoft is very 'lucky' if that is the case.

"Given the fact that [the exploit] is multi-vector and affects every version of Windows -- Windows 98, 2000, XP, 2003 - all of those that are unpatched are going to be susceptible. It will invariably be hitting people in the consumer space and I wouldn't be surprised if it hits people in the enterprise space too," said Warrilow.

Microsoft's Watson, who said that the company was "monitoring the situation", recommended that anyone who believes that have been affected should contact Microsoft's support centre or visit the Microsoft Australia security Web site. Microsoft Product Support Services can be contacted on 13 20 58.