WMF: Researchers Dispute Which Windows Versions Are Vulnerable


Most security researchers (and even Microsoft) have been claiming that the WMF vulnerability affects all Windows versions in living memory. F-Secure even claims that all versions back to Windows 3.0 in 1990 are affected, Now iDEFENSE is claiming, based on their tests, that not all of this is true. Their claims:

Vulnerable on Default Configurations
Windows XP, SP1, SP2
Windows 2003, SP1
Lotus Notes may also contain it's own vulnerable DLL and needs to be validated

Windows 2000, ME, and 98 are NOT vulnerable
Windows NT has not been tested against existing exploits


They say this is based on actual testing. Researchers Dispute Which Windows Versions Are Vulnerable

Linked by shanmuga Monday, 2nd January 2006 10:27PM