Over the weekend, the company released patches for beta testers running the Windows Vista December CTP (Community Technology Preview) and Windows Vista Beta 1, and warned that the new operating system was vulnerable to a remote code execution flaw in the Graphics Rendering Engine.
A Microsoft spokesperson told eWEEK that the Vista patches address the same vulnerability that led to the WMF (Windows Metafile) malware attacks earlier this month.
Microsofts out-of-cycle security update for the WMF vulnerability makes no mention of Windows Vista being vulnerable, but with the release of this weekends patches it is clear that the poorly designed "SetAbortProc," the function that allows printing jobs to be cancelled, was ported over to Vista.
Microsoft also moved swiftly to dismiss speculation in some quarters that the WMF flaw was a "back door" placed in Windows intentionally by the Redmond, Wash., software maker.
On the MSRC (Microsoft Security Response Center) blog, program manager Stephen Toulouse said the SetAbortProc functionality was a component of the graphics rendering environment needed for applications to register a callback to cancel printing, before the WMF file format even existed.
"Remember, those were the days of cooperative multitasking, and the only way to allow the user to cancel a print job would be to call back to them, usually via a dialog. Around 1990, WMF support was added to Windows 3.0 as a file-based set of drawing commands for GDI to consume," Toulouse said.
"The SetAbortProc functionality, like all the other drawing commands supported by GDI, was ported over (all in assembly language at this point) by our developers to be recognized when called from a WMF. This was a different time in the security landscape and these metafile records were all completely trusted by the OS. To recap, when it was introduced, the SetAbortProc functionality served an important function," he added.