As mentioned in my previous diary
announcing the Windows WMF virus, I am following up to let everyone know that Microsoft has released its official patch:
Security update for WMF vulnerability [microsoft.com]
Note: If you installed the
temporary WMF patch that was developed by Ilfak Guilfanov, you should uninstall if first before installing the official MS fix.
To uninstall, go to Start --> Settings --> Control Panel --> Add or Remove Programs
and choose to Remove the program "Windows WMF metafile Vulnerability Hotfix". You will be asked to Reboot after you remove it. Then run the Windows installer, which will require yet another reboot.
This official patch (Microsoft's official security update does the same thing as Ilfak's patch, btw) was a bit of an unexpected surprise when I saw this update appear in my Automatic Updates; last I heard they weren't going to get this out til next Tuesday.
Lastly, this patch does
not fix the WNF vulnerability in Windows 95, 98, and ME -- as those are now classified as "non-critical" OS's. But not to worry: the mighty Ilfak
promises to hook you up with a patch.