Microsoft to Issue WMF Security Patch
Microsoft announced early Tuesday that it had completed a patch for a widely publicized security vulnerability in Windows Media File (WMF) image processing that could lead to a full system compromise. But the fix won't be available until next week, the company said.
WMF, or Windows Metafile, is a vector based image format used by Microsoft's operating systems. SHIMGVW.DLL is loaded to render the images and contains a flaw that opens the door for a malformed WMF image to cause remote code execution and potentially allow for a full system compromise.
Within days, thousands of exploit variants were spreading to take advantage of the newly discovered flaw, prompting security vendors to rush out updates to protection software. Microsoft previously fixed a vulnerability affecting WMF and EMF files in November, which affected Windows 2000, XP and Windows Server 2003.
"When the MSRC learned of the attacks on December 27, 2005, we mobilized under what we call the Software Security Incident Response Process (SSIRP) to analyze the attack, assess its scope and determine and the appropriate guidance for customers, as well as to engage with anti-virus partners and law enforcement," explained Kevin Kean from the Microsoft Security Response Center.
"Based on that process, we have finished development of a security update to fix the vulnerability and are testing it to ensure quality and application compatibility."
However, the patch won't be available until next week's monthly Patch Tuesday release. The company says it needs time to test the fix and prepare it in 23 different languages for all affected versions of Windows.
"Our goal is to release the update on Tuesday, January 10, 2006, as part of the regular, monthly security update release cycle, although quality is the gating factor," Kean added.
Security experts from numerous companies including F-Secure, Sunbelt and Panda previously called on Microsoft to release an emergency patch as soon as possible, but Redmond officials downplayed claims of such a dire situation.
"Although the issue is serious and the attacks are being attempted, Microsoft's intelligence sources indicate that the scope of the attacks is limited," Microsoft said in a statement. "In addition, attacks exploiting the WMF vulnerability are being effectively mitigated by anti-virus companies with up-to-date signatures."