
Unofficial Patch for Windows WMF Vulnerability

Last week, everybody and their brother wrote about the new 0-day exploit for Windows that allows remote code execution when web browsing. Now there’s an IM worm going around to exploit it.

<p>At this point, Microsoft <i>still</i> hasn’t released a patch for it.  There’s a <a href="http://isc.sans.org/diary.php?storyid=999">third-party</a> patch available which reportedly is sufficient.</p>
<p>If you don’t have an IDS running, you’re in trouble.  If you do have an IDS running, the rule to detect it is very CPU-intensive.</p>
<p>If you haven’t de-registered the WMF DLL you’re in trouble.  If you have de-registered the DLL, word is there are other vectors to exploit the same problem.</p>
<p>If you’re not running the latest version of Outlook, you’re in trouble.  If you are running the latest version of Outlook, you can still get infected if you fall for a phishing attack.</p>
<p>If you’re still running Internet Explorer - well, you’re not so worried about this <a href="http://getfirefox.com">security</a> stuff anyway.</p>