WMF Vulnerability Security Update

Mike Reavey here from the MSRC- I just wanted to provide another quick update on the WMF vulnerability situation.  Microsoft is continuing to work on finalizing a security update for the vulnerability in WMF that is currently being exploited by some malicious attackers. The update has been on an expedited track since Microsoft became aware of the attacks on December 27th.  We still anticipate releasing the security fix for this issue on January 10, 2006, once testing for quality and application compatibility is complete.

The expedited track to investigate the vulnerability and develop the security udpate includes redirecting resources from other security development and testing efforts to primarily focus around the clock on producing and releasing the WMF security update.

In our effort to put this security fix on a fast track, a pre-release version of the update was briefly and inadvertently posted on a security community site. There has been some discussion and pointers on subsequent sites to the pre-release code.  We recommend that customers disregard the postings and continue keep up-to-date with our latest information on the WMF issue at http://www.microsoft.com/technet/security/advisory/912840.mspx.

-Mike Reavey

*This posting is provided “AS IS” with no warranties, and confers no rights.*