Zero-day WMF flaw underscores patch problems
For four days in January, network administrators and security-savvy home users had a choice: Download and install an unofficial open-source fix for the critical flaw in the Windows Meta File (WMF) format or wait an estimated week for an official patch from Microsoft. With security experts warning about the spread of exploits for the flaw in Microsoft’s Windows operating system, tens of thousands of people downloaded the patch from the Web site of security software developer Ilfak Guilfanov and other Web sites that hosted the file, according to numbers provided to SecurityFocus. Full Story