Microsoft defends its WMF response

A Microsoft official on Friday defended the company's handling of the Windows Metafile (WMF) security vulnerability.

A Microsoft official on Friday defended the company's response to the discovery of a security vulnerability involving Windows Metafile (WMF). This flaw put systems running Windows XP and Windows Server 2003 at risk from malicious hackers.

Microsoft went into emergency mode after it learned of the critical WMF vulnerability on Dec. 27 and immediately assembled a team that worked non-stop until its members developed the fix released Thursday, said Debby Fry Wilson, director of security engineering and communications, during a Web cast to discuss the situation.

Microsoft launched its Software Security Incident Response Process, "an emergency response process which triggers bringing literally all the people who have a stake in the issue to the table," she said. "The teams have been very dedicated and have been here 24 hours a day for the past 10 days or so to make sure we have an effective resolution of this issue."

Microsoft released a patch for the security hole on Thursday, ahead of its original plan of issuing it next Tuesday, when it releases its monthly set of security patches and updates. Microsoft had come under fire from critics who said it was taking too long to fix the problem, considering it was a zero-day vulnerability, one that attackers were already exploiting while no patch or vetted workaround existed.

Fry Wilson said on Friday that the exploits weren't spreading as quickly as some experts were suggesting, which is why Microsoft felt it could wait to release its fix until it had been fully tested and certified to work.

From the moment it learned of the vulnerability, Microsoft also went to work with ISPs (Internet service providers) to have them block access to malicious sites hosting exploits, she said. It also immediately reached out to antivirus vendors, which in turn promptly began to release definitions to protect users, she said. These efforts significantly mitigated the spread of the damage while Microsoft came up with a solution, she said.

"Knowing exploitations were serious but not spreading quite as rapidly as some in the community were indicating, we needed to weigh putting out an out-of-band update with the need to make sure it was effective. That's why we were very adamant about producing the update that had gone through the complete testing matrix and cycle we normally do for a [regular patch] release on the second Tuesday of the month," she said.

On Sunday, The SANS Institute's Internet Storm Center (ISC) urgently advised users of vulnerable systems to apply an unofficial patch, saying they shouldn't wait for the official Microsoft fix. Microsoft discouraged users from following this advice.

Microsoft rates the vulnerability critical for Windows 2000 SP4, Windows XP SP1, Windows XP SP2, Windows Server 2003 and Windows Server 2003 SP1. It concerns the way these operating systems' graphics rendering engine processes images in WMF format. A successful exploit allows an attacker to remotely execute code of their choice on the machine, with the privileges of the user who opened the file.

The vulnerability is deemed not critical for Windows 98, Windows 98SE and Windows ME. Users of Windows NT 4.0, Windows 2000 SP3 and Windows XP Gold should upgrade their operating systems because those versions are no longer supported by Microsoft, said Christopher Budd, security program manager at the Microsoft Security Response Center. There have been no known attacks against Windows 2000 systems, he said.

Users with vulnerable and unpatched systems can fall prey to an attack if they navigate to a Web page containing a malicious WMF file, if they open a malicious WMF file in an e-mail attachment or if they open a document, such as a Word document, that contains such a file.
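The attack vectors above all reduce to getting the rendering engine to parse an attacker-supplied WMF record stream. As an added example (not from the article, and not Microsoft's or any vendor's code), here is a minimal WMF record walker of the kind a mail gateway or web proxy could use to flag Escape records, with the SETABORTPROC escape singled out; that the public exploits of this flaw used a SETABORTPROC escape is a detail about the vulnerability that the article itself does not state. The header layout, record layout and constants are those of the WMF file format; the two sample files are constructed inline and carry no exploit payload (the escape data is zero bytes).

```python
"""Minimal WMF record walker: list META_ESCAPE records and flag SETABORTPROC."""
import struct

# Constants from the WMF file format (not from the article).
PLACEABLE_MAGIC = 0x9AC6CDD7   # key of the optional 22-byte "placeable" header
META_EOF = 0x0000
META_ESCAPE = 0x0626
META_SETMAPMODE = 0x0103
SETABORTPROC = 0x0009          # escape code of the abort-procedure escape


def first_record_offset(data: bytes) -> int:
    """Return the offset of the first record, past the placeable (if present) and standard headers."""
    off = 0
    if len(data) >= 4 and struct.unpack_from("<I", data, 0)[0] == PLACEABLE_MAGIC:
        off = 22
    if len(data) < off + 18:
        raise ValueError("truncated WMF header")
    file_type, header_words, _version = struct.unpack_from("<HHH", data, off)
    if file_type not in (1, 2) or header_words != 9:
        raise ValueError("not a WMF header")
    return off + header_words * 2


def find_escapes(data: bytes) -> list:
    """Walk the record stream and return (offset, escape_code) for every META_ESCAPE record."""
    found = []
    off = first_record_offset(data)
    while off + 6 <= len(data):
        size_words, func = struct.unpack_from("<IH", data, off)
        if size_words < 3:
            # Size counts 16-bit words including itself and Function; a smaller value
            # would stall or reverse the walk, so treat it as malformed rather than loop.
            raise ValueError(f"malformed record size at offset {off}")
        if func == META_EOF:
            break
        if func == META_ESCAPE and off + 8 <= len(data):
            escape_code = struct.unpack_from("<H", data, off + 6)[0]
            found.append((off, escape_code))
        off += size_words * 2
    return found


def has_setabortproc(data: bytes) -> bool:
    """True if the stream carries a SETABORTPROC escape; input that does not parse as WMF yields False."""
    try:
        return any(code == SETABORTPROC for _, code in find_escapes(data))
    except ValueError:
        return False


# --- constructed sample files for demonstration (no exploit payload) ---
def make_record(func: int, params: bytes) -> bytes:
    assert len(params) % 2 == 0, "WMF records are word-aligned"
    return struct.pack("<IH", (6 + len(params)) // 2, func) + params


def build_wmf(records: list) -> bytes:
    """Assemble a memory-type WMF: 18-byte standard header, the records, then META_EOF."""
    body = b"".join(records) + make_record(META_EOF, b"")
    max_words = max(len(r) for r in records + [make_record(META_EOF, b"")]) // 2
    header = struct.pack("<HHHIHIH", 1, 9, 0x0300, (18 + len(body)) // 2, 0, max_words, 0)
    return header + body


def add_placeable_header(wmf: bytes) -> bytes:
    """Prefix a placeable header: the key plus 18 bytes of fields, zeroed here (checksum not computed)."""
    return struct.pack("<I", PLACEABLE_MAGIC) + b"\x00" * 18 + wmf


BENIGN = build_wmf([
    make_record(META_SETMAPMODE, struct.pack("<H", 8)),
    make_record(META_ESCAPE, struct.pack("<HH", 0x0001, 2) + b"\x00\x00"),  # escape 1, not SETABORTPROC
])
SUSPECT = build_wmf([
    make_record(META_SETMAPMODE, struct.pack("<H", 8)),
    make_record(META_ESCAPE, struct.pack("<HH", SETABORTPROC, 4) + b"\x00" * 4),  # placeholder bytes only
])

if __name__ == "__main__":
    samples = (("benign", BENIGN), ("suspect", SUSPECT), ("suspect+placeable", add_placeable_header(SUSPECT)))
    for name, blob in samples:
        print(f"{name}: escapes={find_escapes(blob)} setabortproc={has_setabortproc(blob)}")
```

Two practical caveats. First, the rendering engine identifies a WMF by its content, not by the file extension, so a gateway check has to run on the bytes of every attachment and downloaded image, not just on files named `.wmf`. Second, the walker deliberately refuses to parse a record stream with a Size field smaller than the record header; a gateway should route that parse failure to quarantine rather than treat it as "not WMF", since a malformed stream is exactly what the rendering engine would be asked to swallow.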

Microsoft had previously published a workaround for the WMF problem that unregistered the Windows Picture and Fax Viewer (the shimgvw.dll library, unregistered with regsvr32 /u), making it unable to process WMF files. Once the new patch has been installed, however, users can roll back that workaround and re-register the Picture and Fax Viewer.

Microsoft has made the patch available for deployment through the usual automated update channels, such as SUS (Software Update Services), WSUS (Windows Server Update Services) and other Microsoft tools.

Juan Carlos Perez

IDG News Service