A vulnerability in Microsoft Windows Metafile (WMF) handling was discovered in December. This vulnerability affects all versions of Microsoft Windows. Microsoft is working on a patch.

This vulnerability could let an intruder take complete control of your system, install spyware and attack other systems. Exploit code has been publicly posted and systems are being compromised, including as of Monday January 2, 2006 41 systems on campus of which 2 were in EECS.

Systems are vulnerable to WMF exploits via malicious web pages, malicious email attachments and malicious attachments in instant messaging.

For more info please see http://idsg.EECS.Berkeley.EDU/security/wmf.html

---

UPDATE

[2006-01-05 13:43:45 | Emrys Ingersoll, IDSG]

Microsoft has released a patch fixing the Windows Metafile (WMF) vulnerability. The patch is available via the “Windows Update” website and IDSG recommends applying it as soon as possible.

For more information, please see Microsoft Security Bulletin MS06-001.