The reaction to WMF

The new year wouldn’t be complete without Microsoft announcing another security flaw. What is different about the latest one, however, is that it seems to affect virtually every single version of Windows right back to that granddaddy version 3.0.

According to findings from web security company ScanSafe, this new threat is one of the most pervasive to hit the internet over the past couple of years.

"We have seen the large potential impact of this threat and, given the time it will take IT to patch all the affected systems, the number of users who are exposed to it is sure to grow significantly," said ScanSafe's chief executive officer Eldar Tuvey.

"The fact that this threat permeates all aspects of corporate communications, unprotected businesses are at real risk of an attack."

F-Secure's chief research officer Mikko Hypponen estimated that 99 per cent of computers worldwide are vulnerable to attack using this flaw.

"The WMF vulnerability probably affects more computers than any other security vulnerability, ever," said Hypponen.

Initially, organisations had to rely on third-party patches from Ilfak Guilfanov, an independent software developer, while Microsoft broke from its monthly cycle to officially announce the problem and release a quick patch, because the flaw was rated "critical".

The vulnerability has even prompted the Redmond giant to start looking through its entire codebase for other vulnerabilities.

Debby Fry Wilson, a director at Microsoft's Security Response Center, told the media that Microsoft's customers could expect the company to "scrub the code to look for any other points of vulnerability based on this kind of attack."

But others warn that this new bug hunt will bring further problems.

"One of the risks that Microsoft faces, following its admission to search through all of its legacy code, is that it may have encouraged hackers to join in the search," said Tom Newton, product development manager at firewall company SmoothWall.

"If hackers turn out in force to hunt down new vulnerabilities, it is likely we will see a significant increase in zero-day exploits and subsequent levels of spam, viruses and DDoS attacks increasing proportionally," he added.

Copyright © SC Magazine, US edition