Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Windows Metafile Patch Leaks To The Web

In its rush to put a patch for Windows' newest vulnerability through its paces, Microsoft accidentally released a preliminary version of the fix to the Web, the company confirmed Wednesday.

The Redmond, Wash.-based developer's security research center (MSRC) acknowledged the goof in a blog entry by operations manager Mike Reavey.

"In our effort to put this security fix on a fast track, a pre-release version of the update was briefly and inadvertently posted on a security community site," wrote Reavey. "There has been some discussion and pointers on subsequent sites to the pre-release code…[but] we recommend that customers disregard the postings."

The leak, as well as comments made by other Microsoft executives Wednesday, supports the company's contention that the planned patch is completed, and gives credence to the idea that although it remains in testing pending the already-announced Tuesday, Jan. 10 release date, it could be released earlier if necessary.

Steve Gibson, president of Gibson Research, downloaded the pre-release patch and tested it. "The updated GDI32.DLL file contained in this patch was built in the evening of December 28th, last Wednesday," wrote Gibson in an alert on his Web site. "It is clear that Microsoft jumped on this problem — and had it resolved — almost immediately."

  • 1