Virus writers have released code for a Trojan that exploits a
flaw in the Window Metafile (WMF) image format. Computers running Windows XP
(SP1 and SP2) and Windows Server 2003 systems are vulnerable. Older Windows version
may also be at risk.
Computer security organizations and AV researchers have
released information on the new threat and Microsoft has released a rather
cumbersome workaround. Microsoft has stated it will release a patch on January10th as part of its normal, monthly update cycle.
SANS has released an unofficial, .MSI installer file fix for the vulnerability that you can download here. I have not tested the file personally, but several AV professionals have and they recommend it.
You can learn more about this threat from the following links:
Bill Detwiler has nothing to disclose. He doesn't hold investments in the technology companies he covers.
Bill Detwiler is Managing Editor of TechRepublic and Tech Pro Research and the host of Cracking Open, CNET and TechRepublic's popular online show. Prior to joining TechRepublic in 2000, Bill was an IT manager, database administrator, and desktop support specialist in the social research and energy industries. He has bachelor's and master's degrees from the University of Louisville, where he has also lectured on computer crime and crime prevention.