Interview with Ilfak Guilfanov

GrayWolf42 writes "SecuriTeam Blogs has posted an interview with Ilfak Guilfanov, one of the people developing the IDA Pro disassembler, who also happens to have written the unofficial WMF vulnerability patch. In this short interview he discusses the patch, how it works, and why he wrote it." From the article: "Q: When you heard of this vulnerability, you created a temporary patch to close the hole until Microsoft updated its software. Could you tell us more about what the patch does? A: The patch just removes this powerful command. It does not do anything else. The fix modifies the memory image of the system on the fly. It does not alter any files on the disk. It modifies [the image of] the system DLL 'gdi32.dll' because the vulnerable code is there." Microsoft has released an official update, which you should be able to download from the windows update site.

Microsoft can boost your notariety

[digitaldc]

The guy removes one line of code and becomes famous almost instantly.
Why didn't anyone a Microsoft think of this solution? They might have been put in charge of their own security team.

Re:From the Interview...

[hey]

And everytime the cracker time finds a hole Balmer throws a chair at them.

Re:Microsoft Update

[wiz31337]

I just received an e-mail that the IT department where I work will be pushing out the new Microsoft Patch at 2:00PM.

On a related note: This may be my last /. post for today.

Re:Root of the problem

[Pike]

"All they will get you is a beautifully designed, perfectly coded boneheaded security hole."

  - at best.

It might have bugs, which might close the security hole.

irony

[seudafed]

http://www.datarescue.com/freefiles/funnyad.jpg

Re:Patch doesn't work for me

[Fishstick]

>I'm not sure [..] if Windows is just POS software.

Really? Let me clear that up for you ...