For those who don’t already know, there is a serious (critical) security flaw in the Windows Metafile (WMF) code, which Microsoft has not yet made a patch available for.
This is a very serious flaw, with malicious code out there on the net right now. The worst part is that this flaw requires no user interaction to execute – in other words if someone manages to get malicious code onto your machine, it will almost certainly run, without you even clicking on any links.
It can also go past any security settings, from what I know.
Fortunately however, a clever guy by the name of Ilfak Guilfanov has come up with a patch that will close this hole. Though this patch is completely effective, it should still only be regarded as a temporary fix until Microsoft makes a patch available. So I would advise that you apply this workaround as soon as possible.
See this link on Steve Gibson’s site for details.
I don’t usually put out a warning like this, but this a far more serious flaw than usual.
Update: Fri 6/1/06
Microsoft has made a patch for this available. It will probably show up pretty quick if you have your Automatic Updates turned on. Otherwise you know the drill – go to Windows Updates. I installed this patch on the work computer today and it showed no ill effects so far that I’m aware of.
If you installed the workaround patch previously mentioned, don’t forget to un-install it first before installing Microsoft’s.