Windows patch leaked

The official Microsoft patch for the widely exploited Windows Metafile vulnerability was leaked to the internet yesterday, in what the company described as an accident.

Microsoft security manager Mike Reavey blogged: a pre-release version of the update was briefly and inadvertently posted on a security community site… We recommend that customers disregard the postings.

The company is in testing with the patch at the moment, and plans to release it on Tuesday, as part of its regular monthly security update.

At least two bootleg patches have also been released since the vulnerability, which enables hackers to break into computers when users merely view a specially created image file, was broadly disclosed last week.

According to Steve Gibson of Gibson Research Corp, who first broke the news of the leak, the patch works, is compatible with unofficial third-party patches, and was compiled on December 28, within 24 hours of the vulnerability being discovered.

Conspiracy theorists could postulate that the leak could have been a deliberate move to deflect criticisms at the apparent tardiness of delivering the patch, to show Microsoft was on the ball from day one. Microsoft denies this.

Sign up for our weekly news round-up!

Sign up to the newsletter: In Brief

Sign up for our regular news round-up!

Sign up for our weekly news round-up!

Sign up to the newsletter: In Brief

I would also like to subscribe to:

Thank you for subscribing