Wednesday, January 04, 2006

More WMF links

Microsoft has announced that they will release a fix for the WMF problem with the regular Windows Updates on January 10, 2006. Microsoft is recommending that people do not apply the unofficial hotfix. SANS is a bit critical of Microsoft, suggesting that the fix should be released immediately.
While all of the rest of us were sleeping, it appears that the propeller-heads working on Billy Wonka's Official Microsoft Research and Development Team have been hard at work creating a crystal ball capable of foretelling the future. The only problem: it appears that they made it from rose-colored crystal.

In their rosy vision of the future, over the next seven days, nothing bad is going to happen. The fact that there are point-n-click toolz to build malicious WMFs chock full o' whatever badness the kiddiez can cook up doesn't exist in that future. The merry, lil' Redmond Oompa Loompas are chanting "Our patch isn't ready / you have to wait / so keep antivirus / up-to-date" which makes perfectly accurate, current AV signatures appear on every Windows computer - even those with no antivirus software.

The future, according to Microsoft, is a wonderful, safe, chocolaty place.

And why not? Everything just seems to work out for them!

Imagine! You have tons and tons of work to do! Even now, the Oompa Loompas are hard at work out in Redmond, simultaneously regression-testing and translating Microsoft's WMF patch into Swahili and Urdu. And, somehow, as if by magic, all of this work will wind down at precisely the right moment so that the WMF patch doesn't have to be released "out of cycle." How convenient! Especially if you're wanting to avoid all of that nasty "Microsoft Releases Emergency Patch" publicity.

And remember, if something bad does happen to you during the next seven days, Billy Wonka and his Magic Metafiles aren't to blame. You are!
SANS also now offers a free explanation of the WMF exploit as both PDF and PowerPoint downloads. Get them if you need to explain it to your pointy-haired boss.

F-Secure is reporting a new Trojan email spam that attempts to utilize the exploit. They also report that they have received a kit that is easy to use and can assemble a WMF exploit version 1.

Full Disclosure has an unconfirmed report that the unofficial patch for the WMF exploit has caused a network printing issue.

Finally, I've seen rumors that Microsoft's own first stab at fixing this problem has been leaked to the Internet. I wouldn't recommend running it. Let them get their fix out when they feel good about it as it's likely to affect many applications. One can legitimately argue whether or not their fix is coming too late and, obviously, I've recommended using the unofficial hotfix, so I tend to agree. However, it would be unwise to apply an unofficial, not thoroughly vetted release. At least the unofficial hotfix has had a lot of experts look it over once.
