|Gee. The hits just keep on coming in...
Posted yesterday by Micro$oft:
Microsoft Security Advisory (912840)
Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution.
Published: December 28, 2005
Yep. eWeek says,
Microsoft Corp. has issued a security advisory for what Secunia is deeming an "extremely critical flaw" in Windows Metafile Format (.wmf) that is now being exploited on fully patched systems by malicious attackers.
Websense Security Labs is tracking thousands of sites distributing the exploit code from a site called iFrameCASH BUSINESS. That site and numerous others are distributing spyware and other unwanted software, replacing users' desktop backgrounds with a message that warns of spyware infection and which prompts the user to enter credit card information to pay for a "spyware cleaning" application to remove the detected spyware...
Fortunately, malware detection companies (AV/Spyware) seem to be reacting to this pretty quickly. Update your AV software NOW. You heard me. If you don't, then come crying to me only if you bring some of the big green with you. :-)
Gotta love Micro$oft. Full employment for techies.
Oh, there's a workaround for folks here, in case you're ionto the "belt and suspenders" approach to securing your computer.
Pegged to Ferdy's Bulletin Board (by linking his "NSA Cookies" post—a "TWC must-read" :-) at Conservative Cat.