[Dshield] WMF Ilfak Guilfanov workaround

stu secmail at patchsupplier.dyndns.org
Sun Jan 1 19:34:26 GMT 2006

Yes I appreciate what you're saying, and I am actually a fan of
Microsoft, I think it was you that told me about the amount of testing
they have to go through. Would it not be easier for them to release
individual patches per platform rather than a one for all? 

Such as when a patch for 2003 has been tested release it, instead of
waiting for patches for 98, 2000, XP and 2003 to be tested before

-----Original Message-----
From: list-bounces at lists.dshield.org
[mailto:list-bounces at lists.dshield.org] On Behalf Of Roger A. Grimes
Sent: 01 January 2006 17:13
To: General DShield Discussion List
Subject: Re: [Dshield] WMF Ilfak Guilfanov workaround

stu wrote:
> It's a sad day when patches have to come from the community instead of

> the vendor :)

Microsoft will have a patch out as quickly as it is possible for them to
do it. They have already issued multiple workaround suggestions, and I'm
sure are already working on the patch. This bug is pretty huge, for
them, affecting all platforms, so the regression testing work will be as
large for them as it could be. Talking to their teams before, I know
that even simple patches require 100's to 1000's of individual tests.
It's just not something that can be done in a day or two.

I'm not cutting them a break for the bug, but I'd rather have a solid,
well tested, patch, and not a buggy incremental fix.

In the interim, it also gives administrators an opportunity to begin
another round of end-user education, giving a real-time example of how
clicking on untrusted emails and links can lead to bad things. Somehow,
I suspect this is just a precursor of things to come in 2006, as the
crimeware gets more aggressive.


*Roger A. Grimes, Banneret Computer Security, Consultant 
*CPA, CISSP, MCSE: Security (2000/2003/MVP), CEH, yada...yada...
*email: roger at banneretcs.com
*Author of Honeypots for Windows (Apress)

More information about the list mailing list