Microsoft is dragging their heels on this one. There's a third party
patch that takes care of the flaw now and it has been vetted by a
number of sources.
This is a big problem. More information here:
* Why is this issue so important?
The WMF vulnerability uses images (WMF images) to execute arbitrary
code. It will execute just by viewing the image. In most cases, you
don't have click anything. Even images stored on your system may cause
the exploit to be triggered if it is indexed by some indexing software.
Viewing a directory in Explorer with 'Icon size' images will cause the
exploit to be triggered as well. Microsoft announced that an official
patch will not be available before January 10th 2006 (next regular
I just installed the patch, but make up your minds for yourselves.
I'm aware that it is off topic for a home repair newsgroup, but since
most people on this newsgroup use computers - and I actually happen to
like you guys - I thought you'd let this one slide.
I'm with you on the Microsoft fixing Microsoft products, but when
they're waiting until the next scheduled patch release for a major flaw
that is already being exploited, that's just stupid. That SANS site is
a good one. Poke around in there - you might be surprised to see that
some of the freeware antivirus programs are quicker to respond to
published vulnerabilities than McAfee and Symantec.
Anyway, do as you see fit, and I promise not to start hawking widgets
and spamming in here.
I did see a reference to it and what the fix does. I get very
suspicious of claimed fixes that are not verified from a know source. In
this case the "patch" appears to only do a registry change which is a user
setting anyway. It just eliminates what program automatically is opened to
display certain types of files over the internet. As it turns out, that
setting has already been changed for me for other reasons.
I don't recommend anyone jump on a fix when they don't know 100% that
the fix is not a hoax and will cause problems.
HomeOwnersHub.com is a website for homeowners and building and maintenance pros. It is not affiliated with any of the manufacturers or service providers discussed here.
All logos and trade names are the property of their respective owners.