subscribe
Microsoft patch for WMF flaw to be released Jan. 10
“Microsoft Corp. said today it does not plan to release a fix for the Windows Metafile (WMF) flaw until Jan. 10, when a patch will be included as part of the company’s scheduled monthly updates for January.
Microsoft has completed development of a patch for the flaw and is now testing it for quality and application compatibility, the company said in an advisory updating an earlier advisory released last week.”
Via Computerworld
The SANS Institute’s Internet Storm Center has an unofficial patch for the Windows .WMF flaw. And from their WMF FAQ: “The WMF vulnerability uses images (WMF images) to execute arbitrary code. It will execute just by viewing the image. In most cases, you don’t have click anything. Even images stored on your system may cause the exploit to be triggered if it is indexed by some indexing software.”
Leave a Reply