Slashdot Mirror

← Back to Stories (view on slashdot.org)

Businesses Urged To Use Unofficial Windows Patch

Posted by Zonk on from the quick-quick dept.

frankie writes "ZDNet is reporting on the latest dire pronouncements about the WMF vulnerability. The problem is so serious that security experts are urging IT firms to use the unofficial patch. Microsoft's current goal is to release the update on Tuesday." From the ZDNet article: "This is a very unusual situation -- we've never done this before. We trust Ilfak, and we know his patch works. We've confirmed the binary does what the source code said it does. We've installed the patch on 500 F-Secure computers, and have recommended all of our customers do the same. The businesses who have installed the patch have said it's highly successful" It's big enough that even mainstream media is covering the flaw.

6 of 374 comments (clear)

  1. Does MS view this as important? by JonN · · Score: 4, Interesting
    So if this vulnerability is high on the seriousness level, is anyone else wondering the same thing as I am; How and why is it that Microsoft is days behind a third party in releasing a security patch? I mean this is hitting mainstream media, and Microsoft's security patch response team is being bested by some 'guy'?

    It brings interesting schemes into my mind. Oh don't mind me, I'm just going to grab my tin foil hat.

    --
    do.what.promptcmds
    1. Re:Does MS view this as important? by travisco_nabisco · · Score: 4, Interesting

      It looks like Microsoft is allowing its user community to patch problems before it can. Oh no!! That sounds a lot like how the Linux community works. Is this going to be a more common occurence as time goes on?

  2. MS has to test very extensively by PIPBoy3000 · · Score: 5, Interesting

    If you're curious as to what all they do, you can take a look here. A sample quote from the article:

    In some cases, particularly when the Internet Explorer browser is involved, the testing process "becomes a significant undertaking," Toulouse said. "It's not easy to test an IE update. There are six or seven supported versions and then we're dealing with all the different languages. Our commitment is to protect all customers in all languages on all supported products at the same time, so it becomes a huge undertaking."

  3. Whoa, that's really bizarre by frankie · · Score: 5, Interesting

    This article isn't anything like the one that I submitted.

    • 2006-01-03 17:15:05 No Microsoft WMF update until next week (Index,Windows) (accepted)

    Mine looked more like this (body content from memory):

    " The usual suspects are reporting Microsoft's latest announcement about the WMF vulnerability (link to previous /. article). To quote (link to MS technet article): "Microsoft's goal is to release the update on Tuesday, January 10, 2006, as part of its monthly release of security bulletins." So do you install the unofficial patch (link to previous /. article), or cross your fingers for a week?"
  4. What will be especially interesting... by Spazntwich · · Score: 4, Interesting

    will be to compare the Microsoft released patch to the unofficial one.

    It would be deliciously muddying for Microsoft if someone discovered significant parts of the unofficial patch in the official one.

  5. Re:block wmf by Shimmer · · Score: 4, Interesting

    That's great, but it's all irrelevant. The HTTP 1.1 protocol says that a browser shouldn't try to guess the MIME type of a document if it's specified by the server. IE ignores this and tries to guess the MIME type anyway.

    Note the key difference between an OS (your example) and a browser (reality).

    --
    The most rabid believers in American Exceptionalism are the exact same people whose policies are destroying it.