WMF Security Vulnerability

Microsoft has confirmed the security vulnerability in the Windows Meta File (WMF) which can be used to install any type of malicious code to your computer (mainly Viruses and Trojans). There are many variants of exploit already appearing in the internet. Microsoft is planning to release the patch next week on 10 Jan 2006 but many security experts say that it might me too little too late.

For corporations and individuals who can’t wait until next week there’s an unofficial patch from Ilfak Guilfanov. This is what Internet Storm Center has to say about the patch.

“We have reverse engineered and verified that the installation/uninstallation code in the .msi does what it says it does and nothing more”

Internet Storm Center have detailed explanation on how WMF security vulnerability and the unofficial patch work.

Web security solutions provider Websense is providing more information on WMF infected sites . Infected sites are detected in United States, Russia, Netherlands, the United Kingdom, China, and Japan at this moment.

As for myself I’ve already installed the unofficial patch and can recommend you to do so but you need to understand this is an unofficial patch which Microsoft don’t recommend but I’m simply afraid that it might be too late before they release the official patch. This security vulnerability is too serious to ignore and wait for a week. BTW, Internet Storm Center and Anti-Virus firm F-Secure both have tested and urging the businesses to install unofficial patch.

Be Sociable, Share!
Posted in Security, Technology, Windows

Leave a Reply

Your email address will not be published. Required fields are marked *

*

Recent Comments

Micle on How I Prepared and Passed CISSP : Nice Aritcle…(August 10, 2017, 8:51 am)
David on How I Prepared and Passed CISSP : I am very happy to read this…(August 10, 2017, 8:21 am)
95Russell on Simulating Cisco and Linux Networks: Hello blogger, i must say you have…(August 5, 2017, 8:30 pm)
amberhina on DNS Amplification Attack: Thank you for helping us with DNS…(August 4, 2017, 10:11 am)
Audrea on Load balancing web servers with Pound: Skype has opened its internet-structured consumer beta…(July 1, 2017, 7:27 pm)