Update on the WMF Exploit

Not a whole lot has been happening on the exploit front. Much talk has been over whether or not Windows 9x is actually vulnerable. From what I read, it seems Windows 9x, by default, is not vulnerable. But the user can install third-party software that could open up an attack vector.

Another issue regarding the older versions of Windows, especially Windows 98, was worrisome users of older systems who were worried about not being supported by Microsoft in Tuesday’s upcoming patch. Yeah, thats something I forgot to mention. Microsoft decided against releasing a patch for the WMF early and deferred it next Tuesday’s regular update schedule. Though, it does seem that Windows 98 users should be included in this update, but no official word thus far.

Amid the update news, it seems Steve Gibson, of GRC.com, has gotten a hold of a leaked copy of the upcoming patch for this exploit. It is just a recoded version of GDI32.DLL and will work just fine with the unofficial patch still installed. Gibson said in the GRC newsgroups, “The new replacement GDI32.DLL, which is the only thing replaced, is dated 12/28/2005 at 6:54 PM … so they clearly jumped on this right now.” So it seems like Microsoft can’t be ripped on too much for not working to fix this issue in a timely fashion. Testing the fix is the main time consumer at this time, as Microsoft doesn’t want to introduce a new bug or break systems through the patch. That might be an even worse black eye in the public opinion than the WMF exploit.

For once, I can’t be too angry at Microsoft for slow playing a patch.

technorati tags: , ,

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: