An announcement was released last week by Microsoft which revealed that they have released a patch to correct a flaw which exists in some Windows graphics files, known as Windows Meta File or WMF. The flaw has been recently exploited by criminal hackers, who use the Windows flaw as a means of stealing confidential information from the users.
The Microsoft announcement explained that exposure to this threat can occur when Internet users visit a web site, open an email or receive an instant message. The potential impact of the threat is an attack by viruses, spyware or other malicious programmes. Users can see exploit traffic hitting their AV (anti-virus), IDS (intrusion detection system) and IPS (intrusion prevention systems).
Microsoft advises that it released a patch to address this threat on Thursday, 5th January, and users who utilize the “automatic update’ function will receive the patch automatically do not need to take further action. However, those who do not use the automatic updates function can visit the Microsoft homepage at http://www.microsoft.com/ to access the link to the patch, which should protect users from the threat.
Also please see the following links for further information on the vulnerability:
http://www.us-cert.gov/cas/techalerts/TA05-362A.html
http://www.us-cert.gov/cas/techalerts/TA06-005A.html
