Friday, January 06, 2006

Microsoft rushes out latest Windows patch

Yesterday afternoon (January 5, 2:00 pm), Microsoft released its hotly anticipated patch to fix the Windows® Meta File (WMF) vulnerability, five days earlier than expected.

Last week Tuesday (December 27), a vulnerability was announced in the way that Windows renders WMF files. The hole allows code to be executed as Windows tries to open WMF graphic files. There have been dozens of attacks, which have ranged from an MSN Messenger worm to spam that attempts to lure people to click on malicious Web sites, reported CNET's New.com.

Since then, security experts have actually encouraged Windows computer users to download and install third-party patches, given the serious nature of the vulnerability. As far as I can tell, this recommendation is unprecedented. Hexblog.com recently hosted an unofficial patch and was temporarily shut down due to the huge demand for their patch. The site now recommends that users uninstall their patch and install the official one from Microsoft.

To read Microsoft Security Bulletin MS06-001 - Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution (912919), and download the patch manually, visit:
http://www.microsoft.com/technet/security/Bulletin/MS06-001.mspx

website page counter