An early Microsoft fix for the security vulnerability in the Windows Meta File format accidentally got posted to the Web, and while copies of the file have been mirrored elsewhere, users should wait for the official patch, the software giant said on Wednesday.
The file, called "a fast track, pre-release version of the update" in a Microsoft blog posting, was posted to a security community site.
"There has been some discussion and pointers on subsequent sites to the pre-release code," Mike Reavey, operations manager for the Microsoft Security Response Center (MSRC), said in the blog post. "We recommend that customers disregard the postings and continue keep up-to-date with our latest information on the WMF issue."
The leaked file appeared as security professionals have started to take Microsoft to task for what they perceive as a slow response to a critical security issue. Microsoft announced on Tuesday that, while a patch has been created for the issue, it will not be released until January 10 so that it can be further tested.
An unofficial patch for the problem, released by software developer Ilfak Guilfanov, has faced enormous demand after security experts vetted the patch and declared it a good solution. A small caveat, however: At least one report of network printing problems caused by the patch has surfaced.
Posted by: Robert Lemos