Microsoft Corp. said today it does not plan to release a fix for the Windows Metafile (WMF) flaw until Jan. 10, when a patch will be included as part of the company’s scheduled monthly updates for January. Microsoft has completed development of a patch for the flaw and is now testing it for quality and application compatibility, the company said in an advisory updating an earlier advisory released last week. The update will be available at Microsoft’s Download Center in 23 languages for all affected versions of the Windows operating system.

“Microsoft has been carefully monitoring the attempted exploitation of the WMF vulnerability since it became public last week, through its own forensic capabilities and through partnerships within the industry and law enforcement,” the company said in its statement. ” Although the issue is serious and malicious attacks are being attempted, Microsoft’s intelligence sources indicate that the scope of the attacks are not widespread.”

View: Full Story
Source: Computer World via MSFN