Hi, Stephen Toulouse writing in a Microsoft security blog has now confirmed that the Microsoft has known about the WMF flaw for many years: Looking at the WMF issue, how did it get there? http://blogs.technet.com/msrc/archive/2006/01/13/417431.aspx "The potential danger of this type of metafile record was recognized and some applications (Internet Explorer, notably) will not process any metafile record of type META_ESCAPE, the overall type of the SetAbortProc record." "The reason Windows 9x is not vulnerable to a "Critical" attack vector is because an additional step exists in the Win9x platform: When not printing to a printer, applications will simply never process the SetAbortProc record." This blog entry raises a number of important questions about Microsoft's policy for handling security flaws in the Windows operating system: 1. Given the obvious dangers with SetAbortProc records, why didn't Microsoft simply disable the feature in the Windows operating system altogether and come up alternate for aborting printing of WMF files? Why were all the inadequate work-arounds in application code pursued instead? 2. How come word about the dangers of the WMF file format did not make it to the Windows NT, 2000, and XP development teams as well as the team responsible for the Picture and FAX viewer? 3. Given the history of problems with WMF files, why hasn't support for them been removed from Internet Explorer? Also shouldn't WMF files be marked in the registry as not safe-for-downloading? Richard M. Smith http://www.ComputerBytesMan.com
