Staying safe from the WMF exploits...
Jan 2, 2006
Variants have been springing up rapidly, with 73 different ones as of December 30th. The issue affects ALL versions of Windows, including the x64 editions. One of the most accurate and consolidated sources of information currently available on this topic is the WMF FAQ posted by Johannes Ullrich at the SANS ISC. Until an official patch is released, SANS and several security firms are advising users to install an unofficial patch and unregister shimgvw.dll. Download links and instructions are included on the FAQ page.
Moreover, as always, it is essential to have good antivirus and antispyware packages installed with up-to-date definitions. This eWeek article includes a list of antivirus products that were able to detect all 73 variants as of December 31st. As far as antispyware apps go, my personal recommendations include Microsoft Antispyware for realtime protection and Spybot S&D, both of which are free downloads.
All of this advice is even more important for non-techies, who tend to be much more vulnerable to attacks like this one, so make sure you pass on the information to your friends and family, because this is not your everyday security issue that affects one in a million people. With the flurry of New Year greetings being passed around at this time of the year, a single malicious one is all that's needed to cause quite an ugly situation.
Update: According to Microsoft's advisory, an official fix is being targeted for release on January 10th. If you do install the unofficial patch, make sure you uninstall it before installing the official hotfix when it's out.
Update 2: Looks like the patch has been created and is now undergoing compatibility testing and localization. The estimated release date remains January 10th.