WMF flaw cant wait for Microsoft fix, researchers say

Users of the Windows OS should install an unofficial security patch now without waiting for Microsoft Corp. to make its move, security researchers at The SANS Institute's Internet Storm Center (ISC) advised yesterday.

Their recommendation follows a new wave of attacks on a flaw in the way versions of Windows from 98 through XP handle malicious files in the WMF (Windows Metafile) format. One such attack arrives in an e-mail message entitled "happy new year," bearing a malicious file attachment called "HappyNewYear.jpg" that is really a disguised WMF file, security research companies including iDefense Inc. and F-Secure Corp. said WMF flaw can't wait for Microsoft fix, researchers say - Computerworld

Linked by shanmuga Monday, 2nd January 2006 9:36PM