Thanks to jwjw1 for the heads up in Back Page News
A week after becoming aware of a severe vulnerability in the Windows Meta File (WMF) portion of Windows operating systems, Microsoft has announced that it will not rush its patch to release, but will instead test the patch with plans to release it on Tuesday, January 10th as a part of it's routine monthly security bulletins. Microsoft claims that they have been closely monitoring the attempted exploitations of this particular vulnerability over the last week, and while they do admit that the issue is serious and that attackers are actively attempting to exploit the vulnerability of affected systems, Microsoft's partners and intelligence sources do not believe that the scope of the attacks is widespread.
While they report that no known instances of this particular vulnerability have been reported to be exploited via e-mail, Microsoft is urging users to exercise caution when opening e-mail messages or when following links in e-mail messages, especially if the source of the message is unknown.
SANS / The Internet Storm Center are offering a patch to protect users from the problem. The reputable ISC are putting their backing behind it, and without any other good option, users might be wise to install their patch rather than waiting until the 10th. You can download it here (msi). Once again, the patch is
is not endorsed by Microsoft (or Neowin for that matter). However, if you trust Microsoft for security, you'll probably be ok trusting this.
View: Neowin Forum Discussion
News source: Microsoft Security Advisory 912840 (updated)