Home > Security News > Microsoft defends handling of WMF patch
Security News:
EMAIL THIS LICENSING & REPRINTS

Microsoft defends handling of WMF patch

By Joan Goodchild, News Writer
09 Jan 2006 | SearchSecurity.com

Security Wire Daily News
Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google

User demands to fix a critical Windows meta file glitch prompted Microsoft to test and release the patch in record time for the company. The patch is now available for download, and Windows managers are testing the waters to see if they encounter any major problems.

At a webcast hosted by Microsoft on Friday regarding the WMF patch, many of the questions were from IT professionals questioning the length of time it took for a patch to become available. Initial reports of the vulnerability began swirling on Dec. 27.

Debby Fry Wilson, director of the Microsoft Security Response Center, defended the time frame. Fry Wilson said the eight-day turnaround had set a new bar for patch releases. She also stressed that while exploits were serious, the spread of infection had been contained.

The WMF saga

Microsoft releases WMF patch early

Experts express concern over WMF patch delay

Microsoft plans WMF fix next week

New WMF worm in wild; unofficial fixes circulating

Windows image flaw now 'extremely critical'

The company released the fix Thursday, in security bulletin MS06-001. The WMF vulnerability is deemed extremely critical and has the potential to cause a user's computer to become infected simply from viewing a Web page, an e-mail message or an instant message that contains a contaminated image.

Fry Wilson pointed to the extensive amount of testing that's necessary before a patch is ready for deployment. "When we do testing, we do it in all supporting languages," she said. "We have to ensure that all of our customers around the world are protected.

Fry Wilson also said that testing was completed earlier than anticipated. The decision to push the patch out early was the result of massive user demand.

Less than 24 hours later, users deploying the patch were not reporting any major problems, according to chat sites.

Although time frame was a large part of the webcast discussion, not everyone was unhappy with Microsoft. Scott Fendley, a handler for the Internet Storm Center (ISC) and university IT professional, said he was impressed at the quick release of the patch.

"There is always room for improvement," said Fendley. "But I believe that Microsoft has given a great example to other software companies of how critical security issues should be handled."

Microsoft plans to issue two more critical security updates this Tuesday in its regularly scheduled patch release.



Sound Off! -   Be the first to post a message to Sound Off!


Tags: Spyware, Adware and TrojansWindows XP and Server SecurityVIEW ALL TAGS

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google


TechTarget Security Media
Information Security View this month\\'s issue and subscribe today.
Information Security Decisions Apply online for free conference admission.
SearchSecurity.com
HomeNewsMagazineWebcastsWhite PapersLearningAdviceTopicsEventsAbout Us
SEARCH :     Advanced Search | Site Index Powered by: Search Powered by Google

About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Reprints  |  Site Map




All Rights Reserved, Copyright 2003 - 2008, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts