What we really learn from this all WMF "thingie", is that when Microsoft 
wants to, it can.

Microsoft released the WMF patch ahead of schedule
( http://blogs.securiteam.com/index.php/archives/181 ) 

Yep, THEY released the PATCH ahead of schedule.

What does that teach us?

There are a few options:
1. When Microsoft wants to, it can.

There was obviously pressure with this 0day, still =97 most damage out 
there from vulnerabilities is done AFTER Microsoft releases the patch 
and the vulnerability becomes public.

2. Microsoft decided to jump through a few QA tests this time, and 
release a patch.

Why should they be releasing BETA patches?
If they do, maybe they should release BETA patches more often, let those 
who want to - use them. It can probably also shorten the testing period 
considerably.
If this patch is not BETA, but things did just /happen/ to progress more 
swiftly.. than maybe we should re-visit option #1 above.

...

Maybe it=92s just that we are used to sluggishness. Perhaps it is time we, 
as users and clients, started DEMANDING of Microsoft to push things up a 
notch.

...

Put in the necessary resources, and release patches within days of first 
discovery. I=92m willing to live with weeks and months in comparison to 
the year+ that we have seen sometimes. Naturally some problems take 
longer to fix, but you get my drift.

It=92s just like with false positives=85 as an industry we are now used to 
them. We don=92t treat them as bugs, we treat them as an =93acceptable level 
of=94, as I heard Aviram mention a few times.

...

The rest is in my blog entry on the subject:
http://blogs.securiteam.com/index.php/archives/182 

	Gadi.