Microsoft to Patch WMF Exploit Early

Chran writes "Microsoft has just announced that they will release a security update for the .WMF-exploit today at 2pm ET, instead of Tuesday, as originally planned. Microsoft writes: "Microsoft originally planned to release the update on Tuesday, January 10, 2006 as part of its regular monthly release of security bulletins, once testing for quality and application compatibility was complete. However, testing has been completed earlier than anticipated and the update is ready for release. In addition, Microsoft is releasing the update early in response to strong customer sentiment that the release should be made available as soon as possible."

Re:Reactive vs Proactive

Patch has been released.
Get it here http://www.microsoft.com/technet/security/Bulletin /ms06-001.mspx

According to the folks at F-secure, it co-exists well with Ilfak's unofficial patch as well as the REGSVR32 workaround. Read their blog here. http://www.f-secure.com/weblog/archives/archive-01 2006.html#00000771

NO!

[baadger]

So, they basically used exactly the same workaround as the 3rd party patch that's been out for a week.

The MS patch removes the call in the WMF rendering engine that calls the gdi32 Escape() function with the SETABORTPROC parameter. The 3rd party runtime patch thats been around 'for a week' killed the Escape() function's ability to receive the SETABORTPROC procedure in _all user32.dll bound applications_ called by _anything_ for _any purpose_, 'breaking' more than just the WMF rendering caller.

Microsoft couldn't have done any better because this wasn't a coding error like a buffer overflow, it was an ancient long forgotten genuine feature.