New, very nasty Windows exploit. Please read.
I'm cutting and pasting this from an IM notice I sent out:
This is a message I'm sending to everyone on my friends list. You guys know I do *not* do this as a rule, so please take heed. There is a new, very serious, exploit present in all versions of windows. It's due to a flaw in one of the core graphics rendering dlls, and the short explanation is that you can be infected by viewing or even thumbnail-previewing any image file whatsoever in any program. Firewalls do not block it, and antivirus programs are mostly ineffective still.
It was just being spread from the usual websites that try to install spyware, but now it's a worm on the MSN network. And it will probably get worse.
There is no official patch yet, and there might not be for a couple weeks. However, there is an unofficial patch, at this address:
http://www.hexblog.com/2005/12/wmf_vuln.html
This was linked from Slashdot, and the patch on the page is considered legitimate. I strongly recommend everyone install this until MS releases an official one.
Also, SUGOI!
This is a message I'm sending to everyone on my friends list. You guys know I do *not* do this as a rule, so please take heed. There is a new, very serious, exploit present in all versions of windows. It's due to a flaw in one of the core graphics rendering dlls, and the short explanation is that you can be infected by viewing or even thumbnail-previewing any image file whatsoever in any program. Firewalls do not block it, and antivirus programs are mostly ineffective still.
It was just being spread from the usual websites that try to install spyware, but now it's a worm on the MSN network. And it will probably get worse.
There is no official patch yet, and there might not be for a couple weeks. However, there is an unofficial patch, at this address:
http://www.hexblog.com/2005/12/wmf_vuln.html
This was linked from Slashdot, and the patch on the page is considered legitimate. I strongly recommend everyone install this until MS releases an official one.
Also, SUGOI!