January 17, 2006 2:21 PM PST

WMF flaw not intentional, Microsoft says

by Joris Evers

Microsoft has denied a suggestion that a widely-publicized security vulnerability in its Windows operating system is a secret "back door" added by the software maker as a way to access PCs.

"Now, there??s been some speculation that ... this trigger was somehow intentional. That speculation is wrong," Stephen Toulouse, a program manager in Microsoft's Security Response Center, wrote on a Microsoft corporate blog Friday.

On Thursday last week, researcher Steve Gibson suggested that the image processing flaw in Windows is so bizarre that it must have been intentional. The suggestion caused a deluge of comments on Slashdot and many responses to security mailing lists, with most dismissing the back door theory.

The flaw lies in the way the Windows Graphics Rendering Engine processes Windows Meta File images. The bug was first discovered late last month as it was being exploited by cybercriminals. Microsoft rushed out a fix on Jan. 5, breaking its monthly patching cycle.

Toulouse's comment is part of a blog post that discusses the history of the vulnerability and how it was introduced in Windows. He mentions that WMF support was first included with Windows 3.0 in early 1990, a" different time in the security landscape." Microsoft has said it was unfamiliar with this type of attack vector and will scour its code for similar problems.

Topics:: Security,; Microsoft

Share:: Digg; Del.icio.us; Reddit; Facebook

About News Blog

Recent posts on technology, trends, and more.

Add this feed to your online news reader

Inside CNET News

Scroll Left Scroll Right

The Space Shot
Weather threatens Saturday shuttle launch
A month late because of a now repaired hydrogen leak, NASA is preparing the shuttle Endeavour for launch Saturday on a 16-day space station assembly mission.
Gallery
Photos: The surface of the moon, here on Earth
The Open Road
Trent Reznor: 'So you want to make money on the Web'
In a post that could easily explain the emerging open-source software business model, Nine Inch Nails lead details how to make money in music.
Beyond Binary
Microsoft aims for Silverlight at end of the tunnel
The software maker concedes it has a long way to go to reach the ubiquity of Adobe's flash, but notes it has come a long way in a little less than two years.
Video
Video: iPhone 3G S launch in New York City
Digital Media
Report: MySpace to push deeper into entertainment
News Corp. has plans to turn MySpace into an entertainment portal. How much more entertainment can the site add?
Video
A recipe for high-tech chocolate
Geek Gestalt
Road Trip pic of the day, 7/10: What is it? Who made it?
This artwork is in Utah, near the Nevada border. For today's Road Trip picture of the day challenge, be the first to tell me what it is and who the artist is, and you win a prize.
Cutting Edge
Americans see science as lagging here
The public appreciates scientific advancement but thinks the U.S. has fallen from its pedestal, according to a new Pew survey. Scientists, ahem, disagree.
Gallery
Images: The many faces of the smart grid
Digital City Podcast
Digital City No. 40: Google's Chrome OS vs. stealing cell phones vs. NYC subway map phone apps
Episode 40 of the Digital City, Google's new Chrome OS, and what it means for Netbooks and Microsoft; some not-too-bright cell phone thieves; how Scott semi-scammed a new iPhone 3GS; and some new apps for navigating the NYC Subway system.
Green Tech
Chasing the Toyota Prius' 50-mpg nirvana
CNET News' Martin LaMonica, an early buyer of the 2010 Toyota Prius, finds that the car gets good mileage but there's clearly more to learn.

WMF flaw not intentional, Microsoft says

Security,

Microsoft

Report offensive content:

E-mail this comment to a friend.

Warning! You will be deleting this comment and all its replies (if applicable).

Most Popular

Can RIM get its mojo back?

With Chrome, Google reignites the OS wars

About News Blog

Inside CNET News