WMF Patch Released By Microsoft

Microsoft Security Bulletin MS06-001 has been released, providing a patch for Windows XP, 2003, and 2000 users. A patch for Windows 98/ME users was not provided. According to Microsoft, "Although Windows 98, Windows 98 Second Edition, and Windows Millennium Edition do contain the affected component, the vulnerability is not critical because an exploitable attack vector has not been identified that would yield a Critical severity rating for these versions." Microsoft does not address multiple reports that using IrfanView, XNView, or Lotus Notes can allow the exploit to render on these unprotected operating systems.

The security bulletin with vulnerability details and patches for the XP/2003/2000 operating systems can be found here: http://www.microsoft.com/technet/security/Bulletin/ms06-001.mspx