If you’re even remotely interested in Windows security, you’ve probably seen the sensationalist claims from Steve Gibson that the WMF vulnerability was actually a secret backdoor into Windows, deliberately placed there by Microsoft.
I’ve tried to steer clear of this claim so far, because the last thing I want to do is add to the hype over what is at best a highly suspect conspiracy theory. I thought the explanation and rebuttal from Stephen Toulouse of the Microsoft Security Response Center made good sense, but I also understand that some people are going to be justifiably skeptical of any official statement that comes out of Redmond.
But I’ve just run across Mark Russinovich’s detailed analysis of Gibson’s claim, and I feel confident that his conclusion is correct:
“In my opinion the backdoor is one caused by a security flaw and not one made for subterfuge.”
Mark’s body of work and impressive library of utilities at Sysinternals prove that he knows more about the guts of Windows than just about anyone else on the planet, including lots of Microsoft lifers. He’s also the guy who broke the Sony rootkit story.
When Mark says there’s no conspiracy, that ends the discussion for me.