Well, days later we now have an official patch for the .wmf vulnerability.

If the mere existence of such sloppy code doesn’t infuriate you, consider this: Every time you upgraded your Windows operating system, you paid again for that same busted DLL.

CTOs and CIOs shouldn’t be worrying about how to get past this particular crisis.

They should instead be considering two much more important questions:

First, what else is vulnerable that no one (yet) knows about?

Second, what would the impact on your business be if tomorrow you couldn’t run the OS you’re currently using?

My belief in the superiority of the open-source software model is no secret, so I’m going to pass on this opportunity to do some (well-deserved) Microsoft-bashing.

The most important point is this: If you’re overly dependent on a single point of failure – any single point of failure – you should be thinking about contingency plans.

In this case, a solution such as creating bootable Linux or FreeBSD CDs, or booting a small distro from the network, may mean the difference between hours of downtime and continuing to function.