Microsoft: Beware of Third-Party WMF Patch

Found on eWEEK on Monday, 02 January 2006

Microsoft Corp. has slapped a 'buyer beware' tag on a third-party patch for the zero-day Windows Metafile flaw and promised that its own properly tested update will almost certainly ship Jan. 10.

The company's latest guidance comes days after an unofficial hotfix from reverse-engineering guru Ilfak Guilfanov got rare blessings from experts at the SANS ISC (Internet Storm Center) and anti-virus vendor F-Secure Corp.

In a blog entry, Johansson said enterprise IT administrators must carefully consider the risks involved before thinking of applying Guilfanov's hotfix. "The patch is an executable and has to be run on each vulnerable system, meaning cost of implementation is potentially very high."

If security experts from SANS and F-Secure think the unofficial patch is safe, then it probably is. Of course MS cannot recommend installing it, but if it protects you until the official fix is out, there shouldn't be anything wrong with doing so.