Surprise: Microsoft Issues Patch for WMF Flaw

On Thursday, Microsoft issued a patch for the serious Windows Metafile Format (WMF) file format flaw that has been bedeviling Windows users since the last week of December. The software giant had previously announced that it wouldn't ship the patch to users until next week, when it issues its regularly scheduled January patches.

Why the change of heart? The realization of the seriousness of this flaw has been escalating ever since it was first discovered on December 27, 2005. At first, the flaw was seen as a minor inconvenience that was unlikely to affect many users. But security researchers quickly discovered that the WMF flaw could be used to direct blistering electronic attacks, and malicious hackers immediately began releasing ever more dangerous exploit code.

 
Last week, the SANS Institute recommended that Windows users not wait for Microsoft's patch but rather install a third-party patch that SANS had independently verified. But with Microsoft finally issuing its official patch, one hopes the danger is over. The company made the patch available as a critical update via Windows Update, Microsoft Update, and Automatic Updates, ensuring that the widest possible range of users get it automatically as quickly as possible.