Windows WMF patch promised for next week

Attackers could use the vulnerability to take control of a computer

Microsoft will issue patch for a widely abused security vulnerability in the Windows operating system next Tuesday as part of its monthly cycle, the company said in an update of the security advisory about the flaw.

Attackers could use the vulnerability to take control of a computer through a specially crafted Windows Metafile (.wmf) image.

Such an image can be used on a website or sent by email or in an instant message. Security vendors have reported that attackers are actively using all these methods in an attempt to infect systems.

Security website Secunia gave the vulnerability its most severe rating of 'extremely critical'.

All versions of Windows are vulnerable, according to security provider F-Secure, but systems running Windows XP or Server 2003 are most at risk.

Microsoft has developed a patch for the security hole and is currently testing it to enable a release next week.

Although Microsoft acknowledged that the flaw is being actively exploited, the company claimed that the scope of the attacks is not widespread.

Antivirus software is blocking most of the attacks through updated signature files, allowing the security software to recognise infected files before they can cause any harm, according to Microsoft.

Russian software engineer Ilfak Guilfanov has already released an unofficial fix which F-Secure has endorsed on its company blog.

Users who choose to install Guilfanov's patch will have to uninstall it before they run next week's Microsoft patch.