I'm sorry to interrupt your New Years plans but there is now a patch available to stop the exploit of WMF (and all the other images processed by the vulnerable shimgvw.dll library). It is made public, along with the source code, by Ilfak Guilfanov who is a very popular decompilation expert. http://www.hexblog.com/2005/12/wmf_vuln.html Should you patch? Yes, immediately. Even if you've blocked WMF files at the firewall and everything else is up to date there is now a first worm running in the wild under the file xmas-2006 FUNNY.jpg so exercise caution and start patching.
Whats on Vlad’s Mind?
For the less coherent, more grammatically correct realtime insight, follow me on Twitter at @vladmazek or on Facebook.
6 Responses to Patch for WMF exploits