Microsoft defends its WMF response

A Microsoft official on Friday defended the company's handling of the WMF security vulnerability threat.

A Microsoft official on Friday defended the company's response to the discovery of a security vulnerability involving Windows Metafile (WMF). This flaw put systems running Windows XP and Windows Server 2003 at risk from malicious hackers.

Microsoft went into emergency mode after it learned of the critical WMF vulnerability on Dec. 27 and immediately assembled a team that worked non-stop until its members developed the fix released Thursday, said Debby Fry Wilson, director of security engineering and communications, during a Web cast to discuss the situation.

Microsoft launched its Software Security Incident Response Process, "an emergency response process which triggers bringing literally all the people who have a stake in the issue to the table," she said. "The teams have been very dedicated and have been here 24 hours a day for the past 10 days or so to make sure we have an effective resolution of this issue."

Microsoft released a patch to the security hole on Thursday, ahead of its original plan of issuing it on Tuesday of this week, which is when it will release its monthly set of security patches and updates. Microsoft had come under fire from critics who said it was taking too long to fix the problem, considering it was a zero-day type, which refers to vulnerabilities which malicious hackers begin to exploit while there is no patch or certified workaround.

Fry Wilson said on Friday that the exploits weren't spreading as quickly as some experts were suggesting and that's why Microsoft felt it could wait to release its fix until it had been fully tested and certified to work.

From the moment it learned of the vulnerability, Microsoft also went to work with ISPs (Internet service providers) to have them block access to malicious sites hosting exploits, she said. It also immediately reached out to antivirus vendors, which in turn promptly began to release definitions to protect users, she said. These efforts significantly mitigated the spread of the damage while Microsoft came up with a solution, she said.

"Knowing exploitations were serious but not spreading quite as rapidly as some in the community were indicating, we needed to weigh putting out an out-of-band update with the need to make sure it was effective. That's why we were very adamant about producing the update that had gone through the complete testing matrix and cycle we normally do for a [regular patch] release on the second Tuesday of the month," she said.

On Sunday, The SANS Institute's Internet Storm Center (ISC) urgently advised users of vulnerable systems to apply an unofficial patch, saying they shouldn't wait for the official Microsoft fix. Microsoft discouraged users from following this advice.

Microsoft labels the vulnerability as critical for Windows 2000 SP4, Windows XP SP1, Windows XP SP2, Windows Server 2003 and Windows Server 2003 SP1. It concerns the way these operating systems' graphic rendering engines process graphics in WMF format. Successful exploits can allow malicious hackers to remotely execute code of their choice on a machine.

The vulnerability is deemed not critical for Windows 98, Windows 98SE and Windows ME. Users of Windows NT 4.0, Windows 2000 SP3 and Windows XP Gold should upgrade their operating systems because those versions are no longer supported by Microsoft, said Christopher Budd, security program manager at the Microsoft Security Response Center. There have been no known attacks against Windows 2000 systems, he said.

Users with vulnerable and unpatched systems can fall prey to an attack if they navigate to a Web page containing a malicious WMF file, if they open a malicious WMF file in an e-mail attachment or if they open a document, such as a Word document, that contains such a file.

Microsoft had previously approved a workaround to the WMF problem which unregistered the Windows Picture and Fax Viewer, making it unable to process WMF files. Once the new patch has been installed, however, users can roll back that workaround and enable the Picture and Fax Viewer.

Microsoft has made the patch available for deployment through the usual automated update channels, such as SUS (Software Update Services), WSUS (Windows Server Update Services) and other Microsoft tools.

More information can be obtained here:

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Juan Carlos Perez

IDG News Service
Show Comments



Victorinox Werks Professional Executive 17 Laptop Case

Learn more >



Back To Business Guide

Click for more ›

Brand Post

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Andrew Teoh

Brother MFC-L9570CDW Multifunction Printer

Touch screen visibility and operation was great and easy to navigate. Each menu and sub-menu was in an understandable order and category

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?