Microsoft: WMF Patch Later Today

In an unusual but welcome reversal, Microsoft has announced plans to release a patch for the WMF flaw prior to their scheduled 'Patch Tuesday' release cycle. A security bulletin notification from Microsoft states the needed patch will be released later today. The news arrives on the heal of public disclosures that the WMF flaw can also be exploited by embedding the malicious WMF files in Word documents. Microsoft admitted the workaround they had previously advised, unregistering shimgvw.dll, would not protect users from this vector of attack. The emergency hotfix provided by Ilfak Guilfanov is able to protect against the embedded WMFs. Microsoft's security bulletin notification states that, "Microsoft is releasing the update early in response to strong customer sentiment that the release should be made available as soon as possible."