If you've been keeping up with the news, you're probably well-aware of the unpatched Windows Metafile vulnerability, and the numerous trojans that exploit it to execute arbitrary code on infected systems. While I wouldn't normally post information about every other security issue here, this particular one has the potential to get quite ugly, especially because of its timing.

Variants have been springing up rapidly, with 73 different ones as of December 30th. The issue affects ALL versions of Windows, including the x64 editions. One of the most accurate and consolidated sources of information currently available on this topic is the WMF FAQ posted by Johannes Ullrich at the SANS ISC. Until an official patch is released, SANS and several security firms are advising users to install an unofficial patch and unregister shimgvw.dll. Download links and instructions are included on the FAQ page.

Moreover, as always, it is essential to have good antivirus and antispyware packages installed with up-to-date definitions. This eWeek article includes a list of antivirus products that were able to detect all 73 variants as of December 31st. As far as antispyware apps go, my personal recommendations include Microsoft Antispyware for realtime protection and Spybot S&D, both of which are free downloads.

All of this advise is even more important for non-techies who tend to be much more vulnerable to attacks like this one, so make sure you pass on the information to your friends and family, because this is notyour everyday security issue that affects one in a million people. With the flurry of New Year greetings being passed around at this time of the year, a single malicious one is all that's needed to cause quite an ugly situation.

Update: According to Microsoft's advisory, an official fix is being targeted for release on January 10th. If you do install the unofficial patch, make sure you uninstall it before installing the official hotfix when it's out.

Update 2: Looks like the patch has been created and is now undergoing compatibility testing and localization. The estimated release date remains January 10th.

My brother, I and twelve of his friends spent New Year's Eve at the Mountain Creek Ski Resort. We left from the NYC Port Authority Bus Terminal in the morning and reached the place after about an hour and a half.

After signing up for all our equipment, we decided to go snow-tubing first. Basically, you sit in these donut-shaped tubes and go sliding down a hill covered with snow, picking up speed as you reach the bottom. And since you have no control over it, you end up rotating in almost every direction as you go down! It's crazy, and lots of fun. :D

After everyone had their fair share of snow-tubing fun, we picked up our ski boots and equipment and headed down for training. The instructors taught us all the basics for a couple of hours, after which we were free to practice and do our own thing. It was a totally awesome experience. Most of us fell a couple of times at the beginning, but we all got a hang of it and had a blast after a bit of practice.

The weather up there was perfect for skiing too. I experienced my first snowfall ever (can you believe it hasn't snowed even once in NYC since I got here on Dec 18th?!) and it was absolutely spectacular - it started off as little snowflakes with beautiful geometric shapes, which later clumped together to form big clusters of snow, and ended with a rapid, powdery snow shower.

Later at night, of course, we had a party here at my brother's place with music, countdown and the usual stuff. We have lots of pictures from the trip that I'll post up, probably sometime later this week. :)