WMF vulnerability02 Jan 2006
I posted about this over at the CentreSource blog as well, but I wanted to give my non-nerd readers a headsup to a potentially nasty exploit that could come your way soon with this new WMF vulnerability in Windows.
The short, non-nerd explanation is that there’s a vulnerability in a file format in Windows dating to Windows 3.0 (yes, you read right) and present in every version since. Exploit code has already been released in the wild over the holiday. Microsoft isn’t expected to do anything till the 9th, and things could get messy until then. Fortunately, an unofficial patch has been released that SANS has cleaned up for distribution. They are making the unprecedented step of recommending that everyone install it, pronto. Details can be found here and here.
I am not one prone to hysteria, but this doesn’t look good. I’ve never seen SANS so worked up. Patch or be 0wn3d.