Microsoft Readies WMF Patch
Zero-day Windows Metafile exploit to be patched in the first update of the year.
An attacker could take advantage of the flaw to execute arbitrary code on a vulnerable Windows XP and Windows 2003 system.
The exploit targets how IE handles pictures that are transmitted by malicious sites hosting the .wmf file. The flaw saw numerous variants and was reportedly being exploited in the wild. The WMF exploit also had been added to the popular Metasploit Framework, which could potentially also allow for easy execution.
The updated Microsoft advisory acknowledges that, though the vulnerability is "serious" and attacks are being attempted, "the scope of the attacks are not widespread."
Microsoft's own Windows OneCare Live Beta also provides protection against the vulnerability.
In its updated advisory, Microsoft also addresses the reason it is taking Microsoft so long to issue a security update.