WMF unofficial patch updated
There’s been an update to the unofficial patch for the WMF (Windows MetaFile) vulnerability. The main change appears to be some options to allow for quiet installation (unattended) to help administrators in large environments try to roll the patch out in automated login scripts/etc.
It can be found here or at the incidents.org site.
My biggest question at this point is how long before Microsoft releases a patch and how similar it will be to the unofficial patch. I’m sure they want to do some quality control testing on anything they release so it’s thoroughly tested, but…. I would have thought with a severe problem they might have published a “this should solve the problem but it may have other unintended consequences” stopgap.
Hopefully there will be an official patch this week, but don’t hold your breath.
I saw someone comment that Microsoft should pay the “unofficial patcher…” to incorporate his fix into theirs. You would think that his work would make what they’re trying to do easier. One thing though, Microsoft has traditionally seemed slow to swallow it’s pride and accept anything from outside their walls as a good thing. It’s going to be an interesting week or two, no doubt….