Happy New Year!

There has been a lot of local (and International) coverage on the WMF zero day exploit that came to light during the Christmas holidays (Dec 27th).

 The vulnerability affects the graphics rendering engine in Windows and could potentially allow malicious code embedded in a Windows Meta File image to be executed resulting in complete compromise of a system. The vulnerability is not known to be wormable and to be infected, the user would have to visit the attacker's website to view the image. There is an immediate workaround for Winodws XP and Windows server 2003 users that can be achieved by unregistering the Windows Picture and Fax Viewer (details on how to do this are contained in the document linked below.

The security centre in the US are currently testing the required update  and are now reasonably confident that the update will be released on Tuesday - Jan 10th. The delay is really down to the engineers testing and localising the update to make sure the update can be deployed effectively across all platforms with a minimum of downtime. Despite the press activity, we are seeing very low infection rates and this is why the update is being held for a full test cycle. There is a workaround immediately available at http://www.microsoft.com/technet/security/advisory/912840.mspx. There was a thrid party patch issued earlier in the week that has been endorsed by SANs however, our recommendation is to wait until the tested update is released next week