What happens when Microsoft reveals a major security flaw, but says they won’t have the fix for at least a week?
Ilfak Guilfanov’s personal Web site has been taken offline by his hosting provider after hordes of Microsoft users scrambled to download his unofficial patch against the Windows Metafile vulnerability.
[…]
The site was temporarily closed as “half the planet tried to download WMFFIX_HEXBLOG.EXE.” reported F-Secure in its blog. “The resulting traffic amounts were so huge that his hosting provider actually shut his site down.”
At the time of writing, the unofficial patch is again available from Guilfanov’s site. It is also available from the Sunbelt Blog.
Microsoft has advised businesses not to use the patch, as the company cannot guarantee it will work. But with no official patch is due to be released until next week, security experts are urging businesses to use the unofficial patch because of the serious nature of the WMF vulnerability.
The WMF flaw can be used by malicious software to surreptiously install spyware on a user’s PC or allow a hacker to control the machine remotely.
I don’t know… with hundreds, or even thousands, of people they can put on a problem of this magnitude, you would think they could get a fix out quicker.
Meanwhile, we even have the frickin’ NSA working on better security for Linux.
Update: F-Secure’s blog offers several other download addys: