Microsoft WMF vulnerability

January 4, 2006

A serious security flaw was recently discovered in all versions of Microsoft Windows that could allow an attacker full access to your computer. Details about this vulnerablity can be found in Microsoft Security Advisory 912840

Microsoft issued a patch for this vulnerability on Thursday, January 5, 2006. It is recommended that everyone visit http://www.windowsupdate.com and update their computer.

There are general steps you can take to help prevent security threats from affecting your computer:

  • Beware of an e-mail attachment called happynewyear.jpg, which is really a WMF file that will exploit the flaw.
  • Do not open attachments or click links in e-mail or Instant Messages (IM) from unknown or untrusted sources as well as known sources where a link or attachment was not expected.
  • Do not visit unfamiliar or un-trusted Web sites.
  • Make sure your operating system and anti-virus software is up-to-date and follow safe computing practices as detailed at http://lockitdown.cc.vt.edu.