Select Page

Those of you in the security space late last December will remember the WMF exploit.  The week the WMF exploit hit was absolutely intense, even more so since it hit right around the holidays.

James Voorhees consulted with a number of individuals and companies (including Sunbelt) and has written a good overview of what happened during that whole time, and you can read it here.  

It would be too much to say that all was calm over the Christmas weekend in 2005. All the same, Deborah Hale, a handler at the Internet Storm Center, found it so quiet on 27 December that she speculated that “Perhaps all of the script kiddies got new computers for Christmas and haven’t gotten fully up to speed yet.” (Hale, 2005). Within hours, however, frenzy would replace that quiet as telephone calls and email messages showed that a vulnerability in Windows Metafile Format (WMF) files, heretofore unknown to most of the world, was being exploited. Exploits multiplied exponentially from that time on, with 200 individual exploits and more than 1100 infectious URLs appearing before Microsoft issued a patch (Symantec, March 2006; Websense, January 5, 2006). The vulnerability gained the attention of the entire security community. Extraordinary efforts were made to find a fix for the problem. But no complete fix was available to most users until Microsoft made its patch available more than a week later, on Thursday, 5 January 2006.

Alex Eckelberry