Read:

http://isc.sans.org/diary.php?date=2006-01-01

http://www.hexblog.com/2005/12/wmf_vuln.html

Download & Install:

http://www.hexblog.com/security/files/wmffix_hexblog13.exe

For those who don't understand, I'll type an explanation shortly, needed to get this up first.

Explanation:

There is a serious flaw in EVERY Windows version since Windows 3.0. The flaw is located in the code which deals with the so-called Windows Meta Files.
It allows another person to take over your computer quite easily. There is NO official fix from Microsoft, your are NOT safe with XP SP2. This exploit affects EVERY Windows version!.

Install the patch from the download link and you're safe for the meantime. Once Microsoft releases a fix, you should uninstall this unofficial one and then install Microsoft's fix.

If you've opened a file called HappyNewYear.jpg (received through email) than you are already infected!
I suggest you re-install Windows completely in that case.

Sorry for the shouting in the title, but this is serious enough to warrant it.

Quote:


i unregged the dll
sorry...but i would not open a file with this obvious name!

oh...in this case of terror i will do something else...

i will use my rationality and do not open every file i get...and my spam filter is very well trained

well I installed that file requested in this topic still no odd things hehe , but with a hardware Firewall I'm safe here But I installed it t be extra sure for safty that shouldn't be a prob I suppose.

http://handlers.sans.org/tliston/wmffix_hexblog13.exe

If people are squeamish...then here's a more reliable link.

http://handlers.sans.org/tliston/WMFHotfix-1.1.14.msi