Unpatched Windows Bug Being Exploited


A new Windows vulnerability was announced yesterday that allows crackers access to your computer via malicious .wmf image files. While this is not a format widely used by end-users, it is used by Windows for preview icons. Since the bug is in how Windows itself handles these files, all browsers and mail programs are affected, as is any software that supports these files.

.wmf files are actually a sequence of graphic commands. This particular bug will execute arbitrary commands on your machine when a malicious file is viewed at all, so just viewing a web page containing this type of image will allow your computer to be infected.
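To make the "sequence of graphic commands" structure concrete, here is an added example (not from the original post or from CERT) that walks the records of a metafile and flags malformed sizes and Escape records carrying SETABORTPROC, the escape function public advisories tie to this bug. The record and escape codes are taken from the public WMF format specification; the sample file is constructed and harmless.

```python
import struct

# Codes below are from the public WMF format specification, not from the post.
PLACEABLE_MAGIC = 0x9AC6CDD7          # optional 22-byte placeable header
META_EOF, META_ESCAPE, SETABORTPROC = 0x0000, 0x0626, 0x0009
NAMES = {0x0000: "META_EOF", 0x0103: "META_SETMAPMODE",
         0x041B: "META_RECTANGLE", 0x0626: "META_ESCAPE"}

def walk_wmf(data):
    """Return (record names, findings) for a WMF byte string."""
    off = 0
    if len(data) >= 4 and struct.unpack_from("<I", data)[0] == PLACEABLE_MAGIC:
        off = 22
    if len(data) < off + 18:
        raise ValueError("truncated WMF header")
    ftype, hdr_words = struct.unpack_from("<HH", data, off)
    if ftype not in (1, 2) or hdr_words != 9:
        raise ValueError("not a WMF header")
    off += 18
    records, findings = [], []
    while off + 6 <= len(data):
        # Each record: size in 16-bit words (uint32), function code (uint16), params.
        size_words, func = struct.unpack_from("<IH", data, off)
        end = off + size_words * 2
        if size_words < 3 or end > len(data):
            findings.append(f"bad record size at offset {off}")
            break
        records.append(NAMES.get(func, hex(func)))
        if func == META_ESCAPE and size_words >= 4:
            if struct.unpack_from("<H", data, off + 6)[0] == SETABORTPROC:
                findings.append(f"SETABORTPROC escape at offset {off}")
        if func == META_EOF:
            break
        off = end
    else:
        findings.append("no META_EOF record")
    return records, findings

def _rec(func, *params):
    """Build one record (constructed test data)."""
    return struct.pack("<IH", 3 + len(params), func) + struct.pack(f"<{len(params)}H", *params)

def sample(extra=b""):
    """Constructed, harmless metafile: set map mode, draw a rectangle, EOF."""
    body = _rec(0x0103, 8) + _rec(0x041B, 50, 50, 10, 10) + extra + _rec(META_EOF)
    return struct.pack("<HHHIHIH", 1, 9, 0x0300, 9 + len(body) // 2, 0, 7, 0) + body

if __name__ == "__main__":
    print(walk_wmf(sample()))
    print(walk_wmf(sample(_rec(META_ESCAPE, SETABORTPROC, 0))))
```

A finding here is a triage signal for mail or web gateways, not a verdict; files can also carry a .wmf payload under another image extension, so the check should key on content rather than file name.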

As of now there is no patch for this bug. A workaround is available that protects your computer by removing support for .wmf files completely. This will stop some services. Details on how to apply it, and more information about this bug, can be found in the CERT bulletin on this exploit.

The link above also contains instructions for turning .wmf support back on, which would be done once Microsoft releases a patch.