WMF Patch Fiasco
I have been observing the steady climb of the Windows Media File (WMF) vulnerability with some interest. Whilst the intention of this site is not to report on vulnerabilities, merely their effects, there is a lesson to be learnt in this episode.
The problem is in the way various versions of Windows handle graphics in the Windows Metafile format. When a vulnerable computer opens a maliciously crafted WMF file, it can be forced to execute arbitrary code. The number of users potentially at risk is high, with all versions of Windows exhibiting the vulnerability. Microsoft published its first security advisory on Dec. 28, saying it had received notification of the problem on Dec. 27. Security researchers first spotted malicious Web sites using the exploit on Dec. 27, but those sites may have been doing so as early as Dec. 14, they said.
Infections started rising and the noise on this topic rapidly escalated and eventually reached fever pitch today with many security researchers urging Windows users to rush to install an unofficial patch. But today Microsoft announced that it wants customers to wait another week for its official security update on January 10th. This is bound to confuse customers.
Regardless of who is right, the important trends I wish to highlight are:
1. Vulnerabilities will continue to surface,
2. Many times this will happen before Microsoft knows about them,
3. Exploits will continue to circulate very shortly (days) thereafter,
4. Infections will rapidly rise, and finally
5. The "window of vulnerability", as demonstrated by this case, is 7-10 days.
The bottom line is that you can't rely solely on Microsoft or patching to protect you anymore, as they are now 7-10 days behind the hackers. It will be interesting to see if "unofficial patching" emerges as a trend in 2006. It is certainly already performed by virtual patching devices on the network, but it would seem the trend may move to the desktops as well.