Interview with Ilfak Guilfanov

GrayWolf42 writes "SecuriTeam Blogs has posted an interview with Ilfak Guilfanov, one of the people developing the IDA Pro disassembler, who also happens to have written the unofficial WMF vulnerability patch. In this short interview he discusses the patch, how it works, and why he wrote it." From the article: "Q: When you heard of this vulnerability, you created a temporary patch to close the hole until Microsoft updated its software. Could you tell us more about what the patch does? A: The patch just removes this powerful command. It does not do anything else. The fix modifies the memory image of the system on the fly. It does not alter any files on the disk. It modifies [the image of] the system DLL 'gdi32.dll' because the vulnerable code is there." Microsoft has released an official update, which you should be able to download from the windows update site.

Re:bad patch...

[jferris]

For the love of [insert your diety here], read the damned article! It comes with an uninstaller, and he says it can be uninstalled immediately prior to or after patching with Microsoft's patch.

Hero?

Are you guys serious? This man is not a hero. He may be a clever programmer, talented security analyst, or an all around nice guy. No one is a hero for releasing a security patch. Heroes risk their lives for other people. Heroes are full of courage and strength. Heroes do not write security patches.

This may come as a shock, but you don't end up becoming a hero by sitting in your parents basement, drinking mountain dew, and trying to find the latest security exploit. If that's your aim you should probably step outside once in a while and do something worthwhile.