Interview with Ilfak Guilfanov

GrayWolf42 writes "SecuriTeam Blogs has posted an interview with Ilfak Guilfanov, one of the people developing the IDA Pro disassembler, who also happens to have written the unofficial WMF vulnerability patch. In this short interview he discusses the patch, how it works, and why he wrote it." From the article: "Q: When you heard of this vulnerability, you created a temporary patch to close the hole until Microsoft updated its software. Could you tell us more about what the patch does? A: The patch just removes this powerful command. It does not do anything else. The fix modifies the memory image of the system on the fly. It does not alter any files on the disk. It modifies [the image of] the system DLL 'gdi32.dll' because the vulnerable code is there." Microsoft has released an official update, which you should be able to download from the windows update site.

SecuriTeam blogs

[GrayWolf42]

Seems like the site also provides with a binsiff output of the Microsoft patch: http://blogs.securiteam.com/index.php/archives/184 The "SecuriTeam Blogs" site has been a very good source for real-time security information since it came online.

Re:Microsoft can boost your notariety

[Rolan]

Why didn't anyone a Microsoft think of this solution?

They did. The official patch has the same end effect as the unofficial one. The only difference is in method. Microsoft modified the source code to remove the vulnerability instead of removing it in memory.