An official fix for the worrisome Windows Meta File vulnerability is in the works, Microsoft said on Tuesday in an updated security advisory.
The flaw in Windows Meta File (WMF) concerned many security experts over the holidays because the vulnerability can be exploited by displaying images in Internet Explorer from a malicious Web site. The Mozilla Corporation's Firefox browser does not immediately run code but reportedly asks permission to display the malicious images.
The flaw, which affects all versions of Windows but the recent versions of the operating system most seriously, will have an official patch in a week, said Microsoft in the advisory. The software giant has verified its update works, but needs to more fully test the software. The company does not believe that attacks using the exploit are all that widespread.
"Microsoft has been carefully monitoring the attempted exploitation of the WMF vulnerability since it became public last week, through its own forensic capabilities and through partnerships within the industry and law enforcement," the software giant said in the updated advisory. "Although the issue is serious and malicious attacks are being attempted, Microsofts intelligence sources indicate that the scope of the attacks are not widespread."
Security experts have recommended that users download an unofficial patch created by a security software developer.
Posted by: Robert Lemos