coolgoose

The software giant finished up testing on the official patch for the vulnerability in the Windows Meta File (WMF) format on Thursday and began releasing the fix though Windows Update and its download sites around 2 p.m. PST.
Microsoft released the patch as security professionals started to take the software giant to task for what they perceive as a slow response to a critical security issue. The flaw in the WMF format concerned many security experts over the holidays because the vulnerability can be exploited in Internet Explorer by serving up specially-crafted images from a malicious Web site. The Mozilla Corporation's Firefox browser does not immediately run code but reportedly asks permission to display the malicious images.

Microsoft originally announced on Tuesday that, while a patch had been created for the issue, it would not be released until January 10 so that it could be further tested.

"The development and testing teams have put forth a considerable effort to address this issue and respond to the strong customer sentiment that the release should be made available as soon as possible," the software giant said in a statement sent to SecurityFocus.

An unofficial patch for the problem had been released by software developer Ilfak Guilfanov and had encountered enormous demand after security experts vetted the patch and declared it a good solution. According to the SANS Institutes's Internet Storm Center, the patch released by Microsoft uses essentially the same tactic as Guilfanov's patch but whereas Microsoft could recompile the affected module with the fix, Guilfanov could not.

At least one report of network printing problems caused by the Guilfanov's patch surfaced on Wednesday.

The latest Sober virus (known as W32.Sober.X@mm, Sober.Y and W32/Sober@MM!M681) has passed its January deadline for updates without incident.
The Sober virus and its variants have been one of the most prolific of 2005 and has topped the charts again in recent months. In early December, anti-virus vendors cracked the algorithm the virus uses to search for updates, allowing the next set of Web sites to be blocked and Web hosting companies to be notified. The virus was set to search for updates from thirty unique websites, fifteen each on January 5th and January 6th.

This week Sober has plummeted in virus rankings and has effectively ceased to spread, thanks to the combined effort by anti-virus firms and security professionals worldwide. Existing infections will continue to search for updates; ISPs are advised to watch traffic patterns and notify customers they are still infected.

In an unusually positive twist, the Sober virus was responsible for catching a 20-year-old child-porn predator in Germany. However the virus was also responsible for Nazi-like hate spam earlier in the year.
source