When Independent Security Experts Patch Windows Faster Than Microsoft

from the doesn't-look-good dept

There’s been a lot of talk the last few days about the latest exploit found on Microsoft Windows platforms that could be used to install various malware just by making someone view an image. However, the really interesting thing is that while Microsoft is scrambling to make a patch, an independent security researcher has come out with his own patch that security firms are recommending people use until Microsoft gets its act together. In the past, of course, people were warned not to trust third-party patches, but as exploits taking advantage of vulnerabilities show up faster and faster, the race will soon be on for others to create security patches as well, which could create problems if not all of those patches are safe. Update: Meanwhile Microsoft is telling folks to just hang in there, and they’ll get a patch out in a week or so.


Comments on “When Independent Security Experts Patch Windows Faster Than Microsoft”

Nate says:

Must be nice...

Must be nice to not have to answer to the customers, or in reality the media more, if the patch destroys certain configurations. That’s pretty much the view of the writers of that “patch”. If the patch screws up hundreds of thousands of computers everyone will say, “Oh well, at least they tried. It was more than Microsoft did.” (Wow…I actually managed to write Microsoft without putting dollar signs in it or spelling it wrong…imagine that)

Stu says:

the recent WMF exploit

If you are referring to the “WMF” exploit, you should be aware that all browsers are vulnerable.

To quote Brian Livingston’s excellent – and free Windows Secrets newsletter, “Every browser is vulnerable - IE, Firefox, Opera, and others - because the image is not being rendered by the browser. It’s rendered by Windows’ own Picture and Fax Viewer (Shimgvw.dll, also known as the Shell Image View Control). New versions of Firefox do display an alert when a suspicious image is encountered on a Web page. But since viewing an image is usually harmless, most users will click OK, exposing themselves to infection.”

I installed the unofficial patch on my network. It was quick, easy, and includes an uninstall. It does require a reboot.

Check out Windows Secrets at: http://www.windowssecrets.com/
