A lot has happened since last night so let me try to bring you up to speed on things.

First, Ilfak Guilfanov (the researcher who came up with the unofficial patch) has come out with a WMF vulnerability checker to allow you to test your systems for the vulnerability.

Secondly, Windows 98/ME users - will you guys get a patch from Microsoft?  There's some doubt that user running either of these operating systems are vulnerable but that getting infected might just be harder.  This from SANS:

If you're still running on Win98/ME, this is a watershed moment: we believe (untested) that your system is vulnerable and there will be no patch from MS. 

F-Secure have a description of a new tagetted WMF email attack.

What makes the case really interesting was the cloak-and-dagger language used in the email which was spoofed to originate from US State Department's security unit.

Yeah, right ...

Be careful out there! 

My guide to the WMF exploit (updated regularly) can be found here. I have also included a downloadable PDF version too that you can distribute to others.

Technorati Tags: Ilfak Guilfanov, WMF, WMF exploit

This entry was posted on Monday, January 2nd, 2006 at 11:47 and is filed under In the News, Stay Secure. You can follow any responses to this entry through the RSS 2.0 feed. Responses are currently closed, but you can trackback from your own site.