WMF exploit

Wow, looks like tomorrow might be an interesting day for our windows friends. There is an exploit going around that can run arbitrary code in windows (seems like that’s the only kind of flaw people bother mentioning for windows). Anyway, it’s been going around for a few days now, possibly even having been timed for the holidays. It is a Zero Day exploit, and microsoft says they might be able to get a patch out by the 9th. In the meantime, don’t look at any image files on the net. No seriously. There is a non-MS patch available.

I hear, “well, macs and linux and unix are more secure just because no one uses them”. I think that only comes from people who don’t know what is going in. This problem for example is caused by a weird pseudo-image file that, on failure can run any defined procedure. Does that seem secure to you? Images that can launch executables? This isn’t a standout type of flaw either, they are usually like this. This one is really bad though. Hope everything goes ok, and a few computers are spared being spyware/adware drones.