
Earlier today we mentioned that Steve Gibson had reported on a leaked hotfix for the WMF exploit from Microsoft.

We got a copy of the hotfix from an anonymous source who had carefully verified its authenticity by following the certificate chain back and verifying that it was signed by the same root certificate as past updates.

We ran it through a quick and informal test in our labs.


And we found it easily stops at least one exploit that we tested against.  The Windows Picture and Fax Viewer shows up but you don’t get exploited.


And it is the real deal.  Microsoft has been very upfront about it:

“It really was an inadvertent thing that happened,” Fry Wilson said. “We have the security update on a fast track…(and) somebody accidentally posted a prerelease version on a community site. It has been taken down, and we don’t recommend customers use it–it is not the version that we will be releasing on Tuesday.”

Link here.

The good news is that, based on our early and quick tests, it looks very effective. It also appears to co-exist just fine with Ilfak’s hotfix.

Alex Eckelberry