Windows Metafile Bug: Microsoft In Hot Seat Again

Managing security patches for bugs such as WMF only adds to an already long list of issues—such as compliance—that companies have to deal with, said Mike McKinzie, president of security solution provider Securtek, Irvine, Calif. “That&'s where the real challenge is, managing that whole process,” he said.

The recent WMF exploit allows a hacker to compromise a desktop by sending malicious code within a graphic image file or via a Web site that contains the specially crafted image. Users who click on a link will be directed to a site where the image resides. It&'s a perfect example of why companies should be controlling Web traffic with filtering solutions, McKinzie said.

VARs will have the opportunity to sell solutions customers may not have thought they needed, added John Notham, director of channel sales and development at security vendor Websense, San Diego. “If someone doesn&'t have content filtering, this should be a red flag to look into it,” he said. Microsoft, Redmond, Wash., originally planned to release a patch on Jan. 10, but after a prerelease version was leaked to a security community site late last Tuesday, it released the patch early on Jan. 5.

The company is more on top of security issues, said Monte Robertson, president of Software Security Solutions, Lakewood, Colo. “Windows security has gotten better by the simple fact that they have recognized there are problems and security has been elevated in priority and is now on more people&'s close-field radar,” he said.

Microsoft says it is indeed working to improve security and claims its products are better than the alternative. “The Microsoft enterprise database solution offers a significant advantage in terms of reported vulnerabilities relative to comparable open-source offerings,” said Debby Fry Wilson, director of the Microsoft Security Response Center.