Lennart Wistrand here. I wanted to write a few lines about the public post made over the weekend about a new specially crafted WMF image that could potentially cause the application using the Windows Graphics Rendering Engine to crash. As it turns out, these crashes are not exploitable but are instead Windows performance issues   that could cause some WMF applications to unexpectedly exit. These issues do not allow an attacker to run code or crash the operating system. They may cause the WMF application to crash, in which case the user may restart the application and resume activity. We had previously identified these issues as part of our ongoing code maintenance and are evaluating them for inclusion in the next service pack for the affected products. 

Just to be clear, the security update accompanying MS06-001 did not include fixes for these performance issues. Security updates sometimes do include other fixes, quite often this is a result of the cumulative nature of development, i.e., it may be that those types of fixes get checked in to the code tree and then picked up when a file is serviced in that code branch. However, in order to keep the code churn in security updates to a minimum we try to avoid, as a general rule, including other code fixes for performance issues such as this. It may seem counter-intuitive to not want to improve the code quality whenever opportunity arises, but the fact is that code churn incurred might have a negative impact on the quality of the update or yield a need for even more testing to ensure that we meet the quality bar for security updates. Service Packs or Update Rollups are typically the preferred method of servicing software. If a fix for an issue cannot wait until the next service pack we do consider other forms of servicing. You can read more about the different servicing mechanisms and our terminology for these in this article: http://support.microsoft.com/kb/824684

 Kind regards

/Lennart

*This posting is provided "AS IS" with no warranties, and confers no rights.*