p2p news / p2pnet: Remember the latest Microsoft WMF security mess?

Bill and the Boyz still haven’t come to grips with it, although an early version of the upcoming fix was accidentally released.

The potential security threat is huge, said F-Secure’s Mikko Hyppönen. "It’s probably bigger than for any other vulnerability we’ve seen. Any version of Windows is vulnerable right now."

Now, "I just wanted to provide another quick update on the WMF vulnerability situation," posts Mike Reavey on the Microsoft Security Response Center Blog, going on:

"Microsoft is continuing to work on finalizing a security update for the vulnerability in WMF that is currently being exploited by some malicious attackers.

“The update has been on an expedited track since Microsoft became aware of the attacks on December 27th. We still anticipate releasing the security fix for this issue on January 10, 2006, once testing for quality and application compatibility is complete.

"The expedited track to investigate the vulnerability and develop the security udpate includes redirecting resources from other security development and testing efforts to primarily focus around the clock on producing and releasing the WMF security update.

"In our effort to put this security fix on a fast track, a pre-release version of the update was briefly and inadvertently posted on a security community site. There has been some discussion and pointers on subsequent sites to the pre-release code. We recommend that customers disregard the postings and continue keep up-to-date with our latest information on the WMF issue at http://www.microsoft.com/technet/security/advisory/912840.mspx."

Also See:
probably bigger – New Windows virus threat ‘huge’, January 3, 2006

This entry was posted on Thursday, January 5th, 2006 at 9:11 am and is filed under Uncategorized. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

HOME

Viewed 2084 times