Virus writers have released code for a Trojan that exploits a
flaw in the Window Metafile (WMF) image format. Computers running Windows XP
(SP1 and SP2) and Windows Server 2003 systems are vulnerable. Older Windows version
may also be at risk.
Computer security organizations and AV researchers have
released information on the new threat and Microsoft has released a rather
cumbersome workaround. Microsoft has stated it will release a patch on January
10th as part of its normal, monthly update cycle.
SANS has released an unofficial, .MSI installer file fix for the vulnerability that you can download here. I have not tested the file personally, but several AV professionals have and they recommend it.
You can learn more about this threat from the following
links:
- US-CERT Vulnerability Note VU#181038
- Microsoft Windows WMF “SETABORTPROC” Arbitrary Code Execution
- Microsoft Security Advisory (912840)
- Trojan delivers unwanted gift to Windows PCs
- World+dog scrambles to fight Windows flaw
Daily Tech Insider Newsletter
Stay up to date on the latest in technology with Daily Tech Insider. We bring you news on industry-leading companies, products, and people, as well as highlighted articles, downloads, and top resources. You’ll receive primers on hot tech topics that will help you stay ahead of the game.
Delivered Weekdays
