Exploit code is appearing for an unpatched vulnerability in Microsoft’s Windows operating system, but users will have to wait another eight days before their computers will be safe.

The problem lies in the system for handling Windows Meta Files (WMF) and was discovered on 27 December. Exploit code started to appear shortly afterwards and administrators are now being urged to block all WMF files for the time being.

“Microsoft is aware of the public release of detailed exploit code that could allow an attacker to execute arbitrary code in the security context of the logged-on user, when such user is visiting a website which contains a specially crafted WMF image,” said the company in a statement.

The statement added that Microsoft engineers devised a patch within days of the discovery and will be releasing it on 10 January as part of the company’s regular patch releases.

So, who cares? Microsoft?

More information and a PATCH is available here.



  1. Pat says:

    Let me get this straight.

    Micro$oft has a patch yet will wait another week before releasing it?

    Micro$oft has my email address yet won’t notify me that this is in the wild OR what precautions to take?

    Micro$oft is not worried that their willful negligence could allow many computers to be harmed?

    Ya, right !!!

  2. jasontheodd says:

    Speaking on behalf of Linux users worldwide. This is the reason we don’t use windows, well, that and the stability issues. And the digital rights crap they put in your computer. And the matter of Windows costing over $300.00 while Linux is free………

  3. Rocco says:

    Pat,
    If you read your license agreement from M$oft, you will find that they are in no way libel for any damages caused by their software.
    They have done this before, and I am sure that they will do it again.
    But hey, it pays MY bills. So I really couldn’t care. I am a civil slave.. I mean servant, so my job pays the bills, has a pension and benefits, and isn’t moving to China any time soon. So I just grin and bear it.
    I find that in working for the gubment, they are more concerned with image than content (there’s always enough time to do it over). Be that as it may, I foresee them using M$oft products till doomsday. I plan to retire before then, so as long as I get paid for what I do, (I’m a network / support tech) I’ll just deal with it.
    I have grown past the thought where I could make a difference, when I finally realized that some people are more concerned with image, than content. Such is the case in M$oft, as well as gubment.

    Just my dollar three eighty and eleventy two cents.
    Rocco

  4. Wayne says:

    Or you all could just go over the http://www.grc.com and get the patch that was posted there by some programmer that has head on their shoulders.

  5. Go Linux. Buy a Mac. Some other post, but please, why are you using Windows? I used too, it doesn’t make much sense to me anymore.

  6. John Wofford says:

    I’m no shill, nor am I a product of anybodies brainwash mill, but I’ve used Windows (from 3.1 on) for over ten years, never upgraded an in place O/S, never patched and never really had any problems other than when I was tearing ass through the net sans firewall or virus protection for the hell of it, just to see what I could pick up. And until I step into something that smells funny I’ll keep on doing it the same way, although now I do use a firewall and virus protection.
    Windows platforms are relatively inexpensive, easy to build and when I find something that can run my website, my recording studio and all the other weird ass stuff I do then I’ll buy it.
    I think a lot of this stuff is just people who like to stir stuff ’cause they like the smell of freshly stirred stuff.

  7. “Windows platforms are relatively inexpensive, easy to build and when I find something that can run my website, my recording studio and all the other weird ass stuff I do then I’ll buy it.”

    Now I KNOW a windows platform isn’t cheaper running a website or managing a file server — I’ve used linux systems for many a design firms before I started mine. Now that we have an xserve, I’d argue the hardware is even cheaper for the power — just pointing it out. You may have ‘easy to build’ over some Linux flavors, but not a mac… and all without that Trojan issue.

  8. Jeremy Robbins says:

    Imagine you buy a car, you get to drive it home. Everything works great. Windows go up and down with ease.

    Now after the third day, there is someone in the drivers seat when you get there in the morning. When you want to roll down the window he lets you but it slow creeps up to close over the corse of an hour or so. Every once in a while the radio changes stations or worse yet locks you into a station until your monthly fees are caught up.

    Why do we let other people people drive our computers. It seems that if one has ever used a system other than MS they know why they don’t use it.

  9. IF THIS WERE A VIRUS
    YOU WOULD BE DEAD NOW
    FORTUNATELY IT’S NOT
    THE METAVERSE IS A DANGEROUS PLACE;
    HOW’S YOUR SECURITY?
    CALL HIRO PROTAGONIST SECURITY ASSOCIATION
    FOR A FREE INITIAL CONSULTATION

  10. Tallwookie says:

    It really annoys me when there is so much Microsoft bashing. They release an easy to use system that just so happens to be used by 90% of buisnesses and end-users. Go figure that almost all virii written are designed to attack the MOST POPULAR OS.

    There are bugs and errors in ALL operating systems, its just that nobody reports them, and since those bug reports arent made public, theres no virii written to attack them.

    You want to bash something? Bash religion, the buggiest OS arround.


0

Bad Behavior has blocked 5500 access attempts in the last 7 days.