Here’s why patches get tested

Oops. Security expert Dana Epp notes that the “unofficial” patch for the WMF exploit apparently disabled printing for some people using PostScript printers.

How would you feel if your business had bought in to the hysteria and deployed this untested code in a production environment, and then you missed a deadline to submit a design proposal for a key client that cost you a million-dollar contract?

Lots of good insights in Dana’s post.

7 thoughts on “Here’s why patches get tested”

  1. Pingback: The PC Doctor
  2. You have got to be kidding me. Suppose a massive exploit became public during this unpatched window? Firms that installed the 3rd party patch were the smart ones.

  3. At least the “unofficial” patch could be easily uninstalled if it caused any problems – something you can’t say about most of Microsoft’s patches…

  4. Err what? This post is retarded! You can uninstall the unofficial patch. No-one is going to lose a million-dollar contract because of it. Nice strawman.

    And the number of times M$ have screwed up their patch QA (quite often introducing new vulnerabilities) definitely can’t be counted using just fingers and toes.

    Let’s take a recent example:
    http://support.microsoft.com/kb/909444

    Does it feel good being such a shill? Do you do it for the warm fuzzy feeling when Scoble links to you and gives you a virtual pat on the head? Let Micro$oft do their own damn PR and spin please.

  5. As if Microsoft puts out supreme patches that cause no flaws (hmmm, xp sp2 – ring any bells?).

    The gentleman who put out the patch was just doing his best since MS was not putting one step forward. I feel that a flaw is like an open wound, heal it as quick as possible. MS did not do that so the community pitched in and did what they could in the interim.

    Ed. I love your blog but I think you need to step back a little on the criticism of the community (SANS, the gentleman who created the patch, etc.). I think we’re all interested in protecting our machines the best possible. No one can predict what is going to happen – this WMF flaw could have blossomed into something huge. BTW, I did actually follow the recommendations made on SANS (on several machines) and I’ve had no issues – shit happens whether it’s a patch made by the manufacturer or made by others – point is we need to keep an open mind and a closed vulnerability.

    Chuck

  6. Chuck, can you point to a single place where I criticized the guy who wrote the unofficial patch? All I have ever said is I don’t recommend installing it. That’s not criticism.

    As for SANS, I still believe that the one post in question was inappropriate for posting on a professional forum.

  7. Pingback: What Is New
