WMF vulnerability is a feature, not a bug!
- Published January 3rd, 2006 in Free Software, Upfront News, GNU/Linux
According to the F-Secure team the WMF vulnerability recently reported as affecting and acting as a way to exploit Windows XP SP2 systems is not a bug but rather a feature. Microsoft allowed WMF images to contain code in order to be able to do a callback. This bad design decision was took on 1990.
So this means that every single Windows computer, from 3.0 to Windows 2003 Server, is affected by this bug and is under seveare DANGER! Because several Windows systems are no longer maintained (everything prior to Windows XP and Windows 2000). This may be one of the worst problems in history! Congratulations Microsoft, you did it again.
From F-Secure own words:
With no vendor patch for the vulnerability available. Meaning that there are hundreds of millions of vulnerable computers in the net right now.
Get the idea? Microsoft is standing still and since it is proprietary software, no one else can correct the bug.
This is why Free Software is the way! Get Linux!
“A feature, not a bug”: last time I read such a thing was on one of those Murphy’s Laws funny texts. Never thought I’d see a real company, or even Microsoft, holding to that.
As for the last sentence… well, I think I’ll just have to hit ‘Submit Comment’ and let one of your plugins speak for me (Browser Sniff, yeah, it’s you!). ;)
:-)
Each to their own.. I’d rather not touch Linux or even Firefox thank you. Fair comment though, its a serious issue. I’ve got a Win 98 machine kicking around that I guess I’m going to have to patch manually. The reason? I use it to run a fairly old recording studio hardware - and I’m pretty sure that I wouldn’t be able to use that with Linux anyway as the reason for ‘98 is because no one ever bothered to release drivers for XP.
Gripemaster,
I’d completely understand the reasons for not using other operating system instead of Windows. There are lots of people who run applications which are only available for the Windows platform (ERP applications mainly).
Now, not using Firefox is definitely a bad measure. First of all, it poses a big problem for us, web developers/designers, since Internet Explorer does not follow most of the standards (see W3C). Secondly, Internet Explorer has plenty of bugs and exploits, helping to spread virus and worms amongst users.
Some people don’t care about the software being Free/Open or Closed. But it’s such a seveare case that anything but Internet Explorer (well, almost) is good. Take Opera if you like, though I’d pick Firefox for being Free Software :-)
As for your latest comment, the lack of drivers, that’s a problem that sometimes I ignore since I can do that. I mean, I know who’s gulty for that so I blame who made the hardware. I try to be bloody careful while choosing my hardware in order to ensure that it works correctly under Linux. Otherwise, I won’t buy it. But I realize not everyone can do that. Not everyone is a tech-savvy too!