User demands to fix a critical Windows Metafile (WMF) glitch prompted Microsoft to test and release the patch in record time for the company. The patch is now available for download, and Windows managers are testing the waters to see if they encounter any major problems.
At a webcast hosted by Microsoft on Friday regarding the WMF patch, many of the questions were from IT professionals questioning the length of time it took for a patch to become available. Initial reports of the vulnerability began swirling on Dec. 27.
Debby Fry Wilson, director of the Microsoft Security Response Center, defended the time frame. Fry Wilson said the eight-day turnaround had set a new bar for patch releases. She also stressed that while exploits were serious, the spread of infection had been contained.
The company released the fix Thursday, in security bulletin MS06-001. The WMF vulnerability is deemed extremely critical and has the potential to cause a user's computer to become infected simply from viewing a Web page, an e-mail message or an instant message that contains a contaminated image.
Fry Wilson pointed to the extensive amount of testing that's necessary before a patch is ready for deployment. "When we do testing, we do it in all supporting languages," she said. "We have to ensure that all of our customers around the world are protected."
Fry Wilson also said that testing was completed earlier than anticipated. The decision to push the patch out early was the result of massive user demand.
Less than 24 hours later, users deploying the patch were not reporting any major problems, according to chat sites.
Although the time frame was a large part of the webcast discussion, not everyone was unhappy with Microsoft. Scott Fendley, a handler for the Internet Storm Center (ISC) and university IT professional, said he was impressed by the quick release of the patch.
"There is always room for improvement," said Fendley. "But I believe that Microsoft has given a great example to other software companies of how critical security issues should be handled."
Microsoft plans to issue two more critical security updates this Tuesday in its regularly scheduled patch release.