December 28, 2005 General 1

F-Secure: News from the Lab

The Inquirer’s post

Please DO NOT USE Windows media player right now. Also do not surf via ANY browser to any sites that are not known to be safe. This includes Outlook since quite a few e-mails are sent HTML. Do not double-click any e-mails in Outlook until this security issue is patched. Also you can get infected via a dos prompt or by simply using windows explorer to browse your hard disks.

*edit* An unofficial patch has been issued to fix this problem. Download it here. This is only for windows 2000, windows XP, and windows 2003. Windows NT, ME, 98, and 95 users are out of luck. No fix will be coming. Time to upgrade to XP or server 2003.

*update* microsoft has released their patch. run windows update to get it.

*update2* Leo Laporte and Stever Gibson talk with Ilfak Guilanov the producer of the unofficial patch for the WMf flaw. It’s a great listen.