MS shaken by Meta File flaw

Microsoft is urging enterprise users to rapidly apply a patch for the Windows Meta File (WMF) flaw, having buckled under pressure to release that patch earlier than it intended.

  • E-Mail
By  Chris Whyatt Published  January 15, 2006

Microsoft is urging enterprise users to rapidly apply a patch for the Windows Meta File (WMF) flaw, having buckled under pressure to release that patch earlier than it intended. The software giant released a fix for the flaw on January 5, five days earlier than scheduled, after users raised fears of attack. The flaw relates to how attac- kers could use the Windows’ graphic rendering engine that handles Windows Meta File images to launch malicious code on user’s computers. Within days of the bug being acknowledged by Microsoft, on December 28, there were more than 200 exploits circling, according to security firm Sophos. “You should deploy the update as soon as it is feasible,” wrote Mike Nash, vice president for security business, on a blog earlier this month. “Put it through your testing process and get it deployed. If it were my decision, I would move up your schedule. That is what we are doing in our IT operation here at Microsoft,” he noted. Microsoft had previously declined to release a patch early, claiming that the dangers were limited, and that it would wait until its January 10 update. However, before it released the patch, security firm Symantec said the threat level was the highest it had been for 18 months. "What this signifies is the reality of the zero day threat, when exploit code is released into the internet community almost immediately after the information of the vulnerability is made public,” said Ivor Rankin, senior technical consultant, Symantec MENA. Users have been warned to expect similar types of attack later this year. “Bottom line, this is more than an image problem for Microsoft, this is the first picture of attacks to come this year,” Simon Perry, vice president of CA, said last week.

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code