Microsoft Disputes WMF Backdoor Claim
Steve Gibson’s Version
Steve Gibson was curious about why Microsoft was not releasing a patch for the earlier versions of Windows to remedy the WMF vulnerability. Microsoft had stated in their Technical Bulletin that they saw no need to patch the older Windows operating system because the WMF “vulnerability” didn’t affect those OS’s. Here’s what Steve Gibson concluded on his Web site grc.com.
“The only conclusion that can reasonably be drawn is that this was a deliberate backdoor put into all of Microsoft’s recent editions of Windows. WHY it was put in and WHO knew about it, and WHAT they were expected to use it for … we’ll never know.”
Microsoft’s Version
Microsoft has directly responded to accusations by security researcher Steve Gibson who claimed the company intentionally left the Windows Meta File vulnerability open as some kind of “backdoor.” The company says the function in question exists due to legacy code, not some nefarious intent.
Microsoft security program manager Stephen Toulouse responds to Steve Gibson’s claims in Microsoft Security Response Center Blog.