Microsoft Releases WMF Security Patch Early

It's been a rough couple of weeks for Windows users. Hackers figured out a way to exploit a very serious security hole in Windows, now known as the WMF vulnerability, on December 28th---and immediately began doing so. The security weakness permits the hackers to take complete control of the affected PCs if the user merely views certain graphics on their PC or in the browser.

Ever since the "zero day," when malicious hackers began taking control of computers nonstop, there hadn't been an official patch for the majority of Windows users. Based on the seriousness of the threat, Microsoft made the decision to release a fix today, several days ahead of the monthly "patch Tuesday" next week. If you have Windows 2000, XP, or Server 2003, you can get the patch here. If you have Windows 98 or Me, you may be totally out of luck, as Microsoft doesn't plan to release a fix for these older operating systems.

Millions of Windows users remain vulnerable to this very serious threat (though, apparently, the users of Microsoft's beta OneCare service, according to the Washington Post's Brian Krebs, received a fix within hours of the discovery of the problem). Unless you download the patch today and manually install it, your PC will remain vulnerable until next week at the earliest.

The security problem is so serious that security experts in this case decided to take the unusual step of releasing an alternative fix. Security analyst Ilfak Guilfanov wrote a small program called WMFfix, which temporarily disables the vulnerable features within Windows that give rise to the problem. But that patch, reportedly, causes problems with printing on a small percentage of PCs. Fortunately for those who already installed Guilfanov's patch, there's a simple fix: Uninstall the 'unofficial' patch, using the Add/Remove Programs control panel (If you previously installed it, the patch is called "Windows WMF Metafile Vulnerability Hotfix 1.4" in the Add/Remove Programs list).

A belated happy 2006, everyone. Looks like it's going to be another crazy year for Windows security.