Skip to main content

Can you afford to wait for WMF patch?

You wouldn’t trust a complete stranger with the keys to your house but this is exactly what security experts are prescribing in a desperate bid (opens in new tab)to scupper the threat posed by the Windows Metafile (WMF) Vulnerability, dubbed by the mother of all vulnerabilities as it affects all Windows Platforms since 1995.

Antivirus vendor F-Secure (opens in new tab)and the SANS Internet Internet Storm Center are both pressing users to use an unofficial patch from security software developer Ilfak Guilfanov (opens in new tab).

Ilfak is no newcomer when it comes to patch work but some system administrators have voiced their reluctance to the idea of installing a patch that is not supported by Microsoft itself.

After all, who would provide help and support if the patch wreaks havoc in computer systems on which it is installed. Still, admins could be in an even greater danger if they ignore the patch as Microsoft is still not scheduled to release the official vulnerability patch until 10th of January 2006. That's still a couple of working days away.

In the meantime, I would definitely advise everyone to up their vigilance. You can bet your newly acquired iPod Nano that some wise guy is going to disguise a nasty piece of software as Ilfak’s patch and spam everybody in the next few hours.

Désiré has been musing and writing about technology during a career spanning four decades. He dabbled in website building and web hosting when DHTML and frames were en vogue and started writing about the impact of technology on society just before the start of the Y2K hysteria at the turn of the last millennium. Following an eight-year stint at ITProPortal.com where he discovered the joys of global tech-fests, Désiré now heads up TechRadar Pro. Previously he was a freelance technology journalist at Incisive Media, Breakthrough Publishing and Vnunet, and Business Magazine. He also launched and hosted the first Tech Radio Show on Radio Plus.