An official fix for the worrisome Windows Meta File vulnerability is in the works, Microsoft said on Tuesday in an updated security advisory.

The flaw in Windows Meta File (WMF) concerned many security experts over the holidays because the vulnerability can be exploited by displaying images in Internet Explorer from a malicious Web site. The Mozilla Corporation’s Firefox browser does not immediately run code but reportedly asks permission to display the malicious images.

The flaw, which affects all versions of Windows but the recent versions of the operating system most seriously, will have an official patch in a week, said Microsoft in the advisory.

SANS / The Internet Storm Center are offering a patch to protect users from the problem. The reputable ISC are putting their backing behind it, and without any other good option, users might be wise to install their patch rather than waiting until the 10th. You can download it here (msi). Once again, the patch is un-official, and is not endorsed by Microsoft. However, if you trust Microsoft for security, you’ll probably be ok trusting this.

The software giant has verified its update works, but needs to more fully test the software. The company does not believe that attacks using the exploit are all that widespread.

“Microsoft has been carefully monitoring the attempted exploitation of the WMF vulnerability since it became public last week, through its own forensic capabilities and through partnerships within the industry and law enforcement,” the software giant said in the updated advisory. “Although the issue is serious and malicious attacks are being attempted, Microsoft’s intelligence sources indicate that the scope of the attacks are not widespread.”

Security experts have recommended that users download an unofficial patch created by a security software developer.

Popularity: 1%