Microsoft has pleaded "not guilty" in response to allegations that the Windows Metafile (WMF) bug is a "back door".
Microsoft has pleaded "not guilty" in response to recent allegations that the Windows Metafile (WMF) bug is actually a "back door" planted by the company to secretly access users' PCs. Last week, security researcher Steve Gibson suggested that the image processing flaw in Windows is so bizarre that it must be intentional.
A Microsoft official, Stephen Toulouse, denied the allegation, saying that there has been some speculation that one can trigger the flaw by using an incorrect size in a metafile record, and that this trigger is somehow intentional, but that the speculation is wrong. Toulouse gave a detailed explanation of the vulnerability in the "SetAbortProc" function, and said that the flaw is an inadvertent bug and not coding by design.
Toulouse also said that WMF support was first included in Windows 3.0 in early 1990, a time when the security landscape was very different. Many other security experts have also rejected Gibson's back-door theory.
Interestingly, all this comes after the discovery of a host of flaws in the way the Windows Graphics Rendering Engine processes Windows Metafile images. Microsoft had actually rushed out an "early fix" for the flaw, breaking its monthly patching cycle.
Thanks. This article made me go and read up on the issue on the Microsoft website. But the article is too technical in nature. For amateur technology enthusiasts like us, could you please break this down into what would cause the problem / vulnerability to occur in normal everyday usage terms? Was not able to get anything of significance from the MS site as well!