I've respected Steve Gibson of www.grc.com for quite a few years, since back in the day when I was just a network newbie. And his creations SpinRite and ShieldsUp have saved my bacon more than once. I mean, the guy is super-sharp!Needless to say, his accusation that the Windows MetaFile vulnerability is actually an intentional backdoor installed into later versions of Windows is pretty shocking! When I first saw the headline, I thought it was a hoax or a typo.
To hear Steve's actual comments for yourself, download his MP3 podcast with Leo Laporte and read the printed transcript of Security Now! Episode 22 here:
http://www.grc.com/sn/SN-022.htm
I went ahead and downloaded his KnockKnock.exe app, and tested the SetAbortProc on an unpatched Windows XP Pro SP2 system. On an unpatched system, the dialog box states:
The Backdoor IS Present
This system has a secret backdoor designed to allow the stealthful
remote execution of arbitrary code on your computer. After its
chance discovery by hackers, Microsoft quickly removed
support for the WMF backdoor with an urgent security update
which is not currently installed (or at least active) in this computer.
I don't know about you, but I'm waiting for Episode #23 with bated breath!!
Posted by Tim Barrett 
NoGeekLeftBehind.com 