Slashdot Mirror


Microsoft to Patch WMF Exploit Early

Chran writes "Microsoft has just announced that they will release a security update for the .WMF-exploit today at 2pm ET, instead of Tuesday, as originally planned. Microsoft writes: "Microsoft originally planned to release the update on Tuesday, January 10, 2006 as part of its regular monthly release of security bulletins, once testing for quality and application compatibility was complete. However, testing has been completed earlier than anticipated and the update is ready for release. In addition, Microsoft is releasing the update early in response to strong customer sentiment that the release should be made available as soon as possible."


  1. Reactive vs Proactive by biocute · · Score: 5, Insightful

    Microsoft is releasing the update early in response to strong customer sentiment that the release should be made available as soon as possible.

    It would have been nicer if they made patches available as soon as possible with or without strong customer sentiment.

    1. Re:Reactive vs Proactive by Anonymous Coward · · Score: 5, Informative

      Patch has been released.
      Get it here http://www.microsoft.com/technet/security/Bulletin/ms06-001.mspx

      According to the folks at F-Secure, it co-exists well with Ilfak's unofficial patch as well as the REGSVR32 workaround. Read their blog here. http://www.f-secure.com/weblog/archives/archive-012006.html#00000771

    2. Re:Reactive vs Proactive by cnettel · · Score: 5, Interesting
      For an out-in-the-wild exploit, I would agree. For one that is currently, to their knowledge, not known among the script kiddies of the world, I'm not so sure. Releasing a patch will, generally, make those who are not yet prepared to implement it more vulnerable, if it means that knowledge of details is more widespread.

      I think that some corporate users (especially) are quite thankful for patch Tuesdays; especially those that have been bitten by some compatibility issue previously and can't just run autoupdate of all desktops at night, but rather want to roll it out manually.

      Again, this is not the case here, this exploit was discovered in the wild and it's spreading right now.

  2. and millions of /.'ers groan... by B00yah · · Score: 5, Funny

    Thank you for your interest in obtaining updates from our site.

    To use this site, you must be running Microsoft Internet Explorer 5 or later.

    To upgrade to the latest version of the browser, go to the Internet Explorer Downloads website.

  3. Feh ! by witte · · Score: 5, Funny

    No problem... there's plenty of other exploits for windows.

  4. 3rd person by kennygraham · · Score: 5, Funny
    Microsoft writes: "Microsoft originally planned...
    kennygraham is glad that they're patching it early.
  5. is their face red by zietlow · · Score: 5, Funny

    "in response to strong customer sentiment" I.e., we look foolish that the community was able to fix it sooner than we were. Here you go, we're not that bad after all, see?

    Let's be friends again.

    --
    Slashdot # 199661 the number that's the same upside down and right side up
  6. Re:8 Days to patch by Anonymous Coward · · Score: 5, Insightful

    ProTip : If a third party can patch it faster than you, without access to the original source code - you suck.

  7. Thank you, Big Brother by Gadren · · Score: 5, Insightful

    "It appeared that there had even been demonstrations to thank Big Brother for raising the chocolate ration to twenty grammes a week. And only yesterday, he reflected, it had been announced that the ration was to be reduced to twenty grammes a week. "

  8. MS Gets Up Early To Issue Patch! by Quiet_Desperation · · Score: 5, Funny
    "I usually sleep in to a reasonable hour for a Thursday, like, noon," said Microsoft, appearing at 8am at a press conference outside a Hardee's in Iowa, dressed in slippers and a blue bathrobe with the words 'Sexy Grandpa' emblazoned on the back. "But all you whiiiiiiiiners wouldn't let me get my rest. So I'll crank this thing out and have it on Windows Update by 11am."

    "When will the patch for the patch be released?" asked Fox News correspondent Bubbles McConnifer, causing the press corps to giggle like schoolgirls in heat.

    "Smile when you said that, bitch," growled a visibly angered Microsoft, who then motioned to two pinstripe suited thugs who escorted Ms. McConnifer from the press conference.

    "Any other questions, whores?" asked Microsoft, placing fists on hips and allowing his 'MS Certified Otakus Rule!' T-Shirt to be seen. His query was greeted by silence. "Well alright, then."

  9. Re:8 Days to patch by MatD · · Score: 5, Funny
    I'm a third party, and I can patch it right now without even touching the code. Just beat your hard drive with a hammer, and you will be immune to the exploit.

    I have no idea what the side effects of this will be for your other applications (because I didn't do any regression testing), but I'm not MS, so I don't really care. Mat

    --
    Since when did operating systems become a religion?
  10. Re:8 Days to patch by croddy · · Score: 5, Insightful
    1. Release patch 8 days late
    2. Describe it as an "early" release
    3. ???
    4. Profit!!!
  11. NO! by baadger · · Score: 5, Informative

    So, they basically used exactly the same workaround as the 3rd party patch that's been out for a week.

    The MS patch removes the call in the WMF rendering engine that calls the gdi32 Escape() function with the SETABORTPROC parameter. The 3rd party runtime patch that's been around 'for a week' killed the Escape() function's ability to receive the SETABORTPROC procedure in _all user32.dll bound applications_ called by _anything_ for _any purpose_, 'breaking' more than just the WMF rendering caller.

    Microsoft couldn't have done any better because this wasn't a coding error like a buffer overflow, it was an ancient long forgotten genuine feature.
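
An added example, not part of the original thread and not Microsoft's or the third-party patch code: a scanner that walks the records of a WMF file and reports any META_ESCAPE record requesting SETABORTPROC, the call discussed in the last comment. The function names and the sample byte strings are constructed for illustration; the record layout follows the published MS-WMF format.

```python
import struct

PLACEABLE_MAGIC = 0x9AC6CDD7   # optional 22-byte placeable header
META_ESCAPE_LOW = 0x26         # MS-WMF: low byte of RecordFunction 0x0626 is the type
SETABORTPROC = 0x0009          # the escape function named in the comment

def find_setabortproc(data):
    """Return byte offsets of META_ESCAPE records that request SETABORTPROC."""
    pos = 0
    if len(data) >= 4 and struct.unpack_from("<I", data)[0] == PLACEABLE_MAGIC:
        pos = 22
    if len(data) < pos + 18:
        raise ValueError("truncated META_HEADER")
    file_type, header_words = struct.unpack_from("<HH", data, pos)
    if file_type not in (1, 2) or header_words != 9:
        raise ValueError("not a WMF header")
    pos += 18
    hits = []
    while pos + 6 <= len(data):
        size_words, func = struct.unpack_from("<IH", data, pos)
        if size_words < 3:                 # cannot even hold its own header
            raise ValueError(f"malformed record at offset {pos}")
        if func == 0x0000:                 # META_EOF
            break
        if (func & 0xFF) == META_ESCAPE_LOW and pos + 8 <= len(data):
            if struct.unpack_from("<H", data, pos + 6)[0] == SETABORTPROC:
                hits.append(pos)
        pos += size_words * 2              # RecordSize counts 16-bit words
    return hits

# --- constructed sample data: record headers only, no real metafile ---
def build_record(func, params=b""):
    return struct.pack("<IH", (6 + len(params)) // 2, func) + params

def build_wmf(records):
    body = b"".join(records) + build_record(0x0000)
    size_words = (18 + len(body)) // 2
    return struct.pack("<HHHIHIH", 1, 9, 0x0300, size_words, 0, 0, 0) + body

SET_BK_COLOR = build_record(0x0201, struct.pack("<I", 0x00FFFFFF))
COMMENT_ESCAPE = build_record(0x0626, struct.pack("<HH", 0x000F, 0))  # MFCOMMENT
ABORTPROC_ESCAPE = build_record(0x0626, struct.pack("<HH", SETABORTPROC, 0))

CLEAN = build_wmf([SET_BK_COLOR, COMMENT_ESCAPE])
FLAGGED = build_wmf([SET_BK_COLOR, ABORTPROC_ESCAPE])

if __name__ == "__main__":
    print("clean:", find_setabortproc(CLEAN))
    print("flagged:", find_setabortproc(FLAGGED))
```

A record whose size field is too small to advance past raises an error rather than being skipped, so a malformed file is surfaced instead of silently passing the scan.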