Helping people with computers... one answer at a time.

Was Microsoft's WMF Exploit response fast enough?

QAn # 'M{pz'6RllDU^;iR$.30[JsVmXo$b-鞬j+N'UDT]QnU9zaLJ1)cGg? BuB#$ ӈhd**i ]+p >IzϹ"M.:Ϣƒ}Jyc! # Ul:"F|XfN.mDh5~er3- Ƿѵ|:Su )jE0s @7l<


I'm sure you're tired of hearing it, so I'll only say it once: if you haven't installed the official Microsoft patch for the WMF Exploit, go do it now. I've got links in the show notes.

The sequence of events surrounding the WMF exploit is actually pretty interesting. A big bad bug is found and publicized, and while Microsoft is testing their official fix for the problem, several rogue patches are released, the tech press even starts to recommend that those rogue patches be used, and finally the mainstream press starts to apply pressure for it to be released as soon as possible. After about a week or so of public vulnerability, Microsoft engages and does exactly that, releasing the WMF patch roughly four days ahead of schedule.

Should it have been released even earlier?

There's a huge risk when a situation becomes so serious that unofficial patches and workarounds become recommended solutions. In this case I've not heard of any problems, but the opportunity for error, or even maliciousness, is huge. Getting the official fix for such a public, high profile error, has to happen quickly.

Now I know some people consider me a Microsoft apologist because I worked there for many years, but I really do understand Microsoft's side of the situation as well. Windows is an incredibly complex piece of software, and the test matrix - the sequence of scenarios, applications and hardware configurations that changes must be tested against - is massive. More massive, I expect, than most people realize. And the cost of "getting it wrong" can be very high. A high priority fix produced and released under high visibility at high speed can't be allowed to meet anything other than the highest quality bar. And yes, there is a release process - a bureaucracy even - in place to make sure that happens.

But is it fast enough?

It might be time for Microsoft to get creative. Perhaps by releasing a provisionally approved patch when the situation is serious enough. Yes, that might require fixing the fix, should problems become evident and the possibility of handling that would have to be part of the plan.

It boils down to some serious risk analysis on Microsoft's part. Is it better to allow a known exploit to remain in the wild, where it, or rogue patches potentially damage customers machines, or would it be better to -release a not-quite-fully-cooked solution quickly that could be further updated as needs warrant?

I know what I, as a user, would vote for.

I'd love to hear what you think. Visit, and enter 9679 in the go to article number box. Leave a comment, I read them all. And while you're there: sign up for my free weekly newsletter.

This is a presentation of, a free on-line technical question and answer service. Hundreds of questions and answers are online and ready to help solve your computer problems.


Article C2518 - January 11, 2006 « »

Leo Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions. More about Leo.

Not what you needed?

1 Comment
Larry Osterman
January 12, 2006 1:48 PM

It's my understanding that the unofficial fix broke printing for many brands of printers.

Comments on this entry are closed.

If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.

If you don't find your answer, head out to to ask your question.