Richard Bejtlich wrote a good comment/wrap-up on the recent Windows WMF vulnerability and the unofficial patch from Ilfak Guilfanov hostet by SANS.
Richard summarizes:
The unofficial patch Tom references was written by Ilfak Guilfanov and described here. What is this? It’s a patch created by a non-Microsoft developer, acting more rapidly than Microsoft itself. Sure, you can argue that Microsoft is working now to develop a patch that will hopefully address deeper problems, perhaps serious problems. Nevertheless, SANS has reverse engineered the unoffical patch to ensure its validity, wrote a FAQ about the vulnerability, and is now hosting a .msi to ease patch installation. This is unprecedented.
Where is Microsoft on this issue? They published their initial advisory on 28 Dec and updated it 30 Dec. Nothing they’ve done has helped resolve the issue. Meanwhile, the Metasploit project has released a module to generate malicious WMF files. This puts exploit creation in the hands of the lowest common denomintaor.
Make sure to read his whole post.
