Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Firm Claims Success In Plugging Windows Metafile Holes

The president of a small IT shop that supports patch management for about 10 companies says his firm was able to protect dozens of computers at those companies it remotely monitors from the latest Windows Metafile outbreak days before Microsoft Corp. delivered the security patch on Jan. 5.

Eric Livingston is president at Private Client Technologies Inc., a five year-old company that manages IT hardware and software at small and medium size businesses. On average these businesses run about 50 computers. "The exploit took advantage of a perfectly accepted way for a WMF to register a function that Windows would call to allow it to do custom handling," Livingston said Tuesday. "Anti-virus programs didn't catch it because as far as the program was concerned it was doing a perfectly valid function."

Private Client Technologies last month signed on to assist them deliver network security to clients with Everdream Corp., which provides on-demand desktop management services for about 140,000 desktops at 250 companies worldwide. It operates under a software-as-a-service model to monitor customers' systems and deploy patches and software upgrades, and track assets.

Scott Crawford, senior analyst at Enterprise Management Associates, calls Everdream's offering a "service-as-a-service," and believes it's unique to small and medium size enterprises. "The unique part is offering a service that goes beyond patching to offer analyzing security risks like the WMF vulnerability and putting out remediation until patching is made available," he said.

Everdream created a "workaround" to help customers until Microsoft released the security patch. The Windows Metafile that created a huge security hole by allowing hackers to infect computers using programs maliciously inserted into what seems a harmless image files was first discovered last week. But the possibility for attacks escalated when hackers published the source code used to exploit it.

  • 1