Microsoft WMF Patch released
Microsoft has finally released a patch for the WMF buffer overrun exploit in Windows, so we can all breathe a sigh of relief (at least until the next time). As a software professional, I really pity the engineers at Microsoft - having to suffer the decisions made in designing Windows over the last 15 years whilst defending against the latest and greatest attack. But, as a consumer I can’t wait 9 days for a fix when my local emergency services, banks and hospitals all depend on Windows to work. The SANS Institute newsletter highlights the problem so well:
If 9 days is rapid and extraordinary response, and the US government has ceded responsibility for correcting its most widely used software to the vendors, what will we do when the attack comes from a nation-state adversary and tens of thousands of computers are having critical data destroyed every hour?