A Microsoft employee has leaked an early version of a security fix for the WMF (Windows Meta File) flaw, reports ZDNet. While Microsoft is advising users to wait until next Tuesday for the official release, many users have downloaded and installed an unofficial patch written by Russian software developer Ilfak Guilfanov:
The fix was briefly posted on a security community Web site, Debby Fry Wilson, a director in Microsoft’s Security Response Center, said on Wednesday. Copies of the file have since been posted online elsewhere, but Microsoft recommends that customers wait for the final version in its monthly security release on Jan. 10, she said.
Security experts have urged Microsoft to rush the patch because of the onslaught of attacks. More than a million PCs have already been compromised, according to Andreas Marx, an antivirus software specialist at the University of Magdeburg in Germany. There are thousands of malicious Web sites, as well as Trojan horses and at least one instant messaging worm, that use the WMF flaw as a conduit, other experts have said.
ZDNet - Microsoft inadvertently leaks WMF patch
So the patch is there, it can be tested and put in place and the network is protected now, or you can wait until next Tuesday and then test Vole’s version of the patch, which might not work either. One financial services firm interviewed by Information Weak seems to agree with the Big G. While moaning that Microsoft had dragged its feet on providing a patch, its IT manager said she would not be installing the patch, even if it were stable, because it had not come from Microsoft.
Yet while their networks remain unpatched, companies are at risk for WMF exploits whenever their employees browse the Internet. Has the world gone mad?
the Inquirer - Vole hole patch pirate panned
People eager to download the unofficial patch inundated Guilfanov’s personal Web site, which had to be temporarily shut down as a result. He has since reduced his home page to its bare minimum. On Tuesday, Guilfanov, who lives in Belgium, explained to CNET News.com in an e-mail interview why he came up with his own answer to the Windows problem.
CNet - Newsmaker: Beating Microsoft to the punch
» Cursor Hackers Target WoW Players
» Microsoft Fixes Security Flaws - Sets New Patch Record
» Microsoft ActiveX Hole Unofficial Patch
» Microsoft Issues Patches for ‘Critical’ Flaws in Media Player and Windows
» Microsoft Deliberately m3ss3d Up Windows, Claim
» Microsoft Fixes Critical IE Problems
» Microsoft Warns of Windows Image-Handling Flaw
» Microsoft Warns of Critical Windows Flaws - Patch Available Sep 13th
» Microsoft Warns of 22 New Security Flaws
» Scanner Tool Released To Thwart JPEG Attack
» Major Graphics Flaw Threatens Windows PCs
» Seven MS Security Bulletins & Patches - Plus Four New IE Vulnerabilities
» Security Hole Found In Mozilla Browser
» Microsoft Warns Of Widespread Windows Flaw - Patch Released
» Microsoft Releases Early Cumulative IE Patch - Phishing Flaw Fixed
Loading ...
del.icio.us
Digg
Furl
Netscape
Yahoo! My Web
StumbleUpon
Google Bookmarks
Technorati
BlinkList
Newsvine
ma.gnolia
reddit
Windows Live
Tailrank
