There has been a bit of a debate over Steve Gibson’s recent postulate that the WMF exploit was possibly a backdoor deliberately put into Windows by Microsoft or a rogue Microsoft programmer.
From Steve in introducing his podcast on the subject:
Leo and I carefully examine the operation of the recently patched Windows MetaFile vulnerability. I describe exactly how it works in an effort to explain why it doesn’t have the feeling of another Microsoft “coding error”. It has the feeling of something that Microsoft deliberately designed into Windows. Given the nature of what it is, this would make it a remote code execution “backdoor”. We will likely never know if this was the case, but the forensic evidence appears to be quite compelling.
Windows internals expert Mark Russinovich responds to Steve’s comments with a new blog entry, that puts the matter to rest: It is almost certainly not a backdoor: It is simply poor design:
The vulnerability is subtle enough that the WINE project, whose intent is to implement the Windows API for non-Windows environments, copied it verbatim in their implementation of PlayMetaFile. A secret backdoor would probably have been noticed by the WINE group, and given a choice of believing there was malicious intent or poor design behind this implementation, I’ll pick poor design. After all, there are plenty of such examples all throughout the Windows API, especially in the part of the API that has its roots in Windows 3.1. The bottom line is that I’m convinced that this behavior, while intentional, is not a secret backdoor.
(Hat tip to Larry Seltzer)