Security Now! Transcript of Episode #22

In a recent edition of Security Now! Steve Gibson details why he believes Microsoft intentionally introduced the WMF feature responsible for last week’s zero-day vulnerability. Gibson is now on a quest to discover exactly when this feature made it’s way into Windows and who is responsible for it. This is particularly troubling when taken in context with Microsoft’s ambition to enter the security services market, something I’ve talked about before. I’ll definitely be keeping my eye on this one.

update: Despite the stir Gibson’s claims have created, it would seem his argument is without merit. The story has been dbunked by at least 2 people in the community. Stephen Toulouse, Communications Manager for security response at Microsoft (ie: media frontman for MS Sec) posted his answer to various questions about the WMF feature on the MSRC blog. Thomas C. Green also posted a blistering critique of Gibson’s story completely ripping it to shreds. Green’s not exactly friendly to Microsoft either for that matter…