Microsoft trying to put F.U.D. on Guilfanov 'temporary' patch

["Fergie" <fergdawg () netzero net>]

Not sure I like how this story is worded. I mean, I realize
that MS won't exactly endorse it, but WTF...

Via eWeek.

[snip]

Microsoft Corp. has slapped a 'buyer beware' tag on a third-party patch for the zero-day Windows Metafile flaw and 
promised that its own properly tested update will almost certainly ship Jan. 10.

The company's latest guidance comes days after an unofficial hotfix from reverse-engineering guru Ilfak Guilfanov got 
rare blessings from experts at the SANS ISC (Internet Storm Center) and anti-virus vendor F-Secure Corp.

Guilfanov, author of the IDA (Interactive Disassembler Pro), released an executable that revokes the "SETABORT" escape 
sequence that is the crux of the problem. The hotfix was tested and approved for use by many security experts, but 
Microsoft says it cannot vouch for the quality of the fix.

[snip]

http://www.eweek.com/article2/0,1759,1907562,00.asp

- ferg


--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg () netzero net or fergdawg () sbcglobal net
 ferg's tech blog: http://fergdawg.blogspot.com/


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.