Jan Ole Peek

The Windows MetaFile Backdoor?

Steve Gibson, well-known security expert, has taken a closer look at the recent Windows MetaFile (WMF) vulnerability that has since been fixed by Microsoft. Expecting to find another Microsoft “coding error” he instead found something that seemed to be deliberately designed into Windows. Given the nature of what it is, this would make it a remote code execution “backdoor”. In the Security Now! podcasts he says several times that this was no coding mistake or bug but rather an intentional feature of Windows. So maybe some of those “Microsoft is evil” folks out there were right because if this is true, Microsoft has had a way to remotely execute arbitrary code in your machine without your knowledge.

Leave a Comment