One of the most dangerous Windows exploits ever, the WMF exploit, still makes the computer security news. Every new report tells more about the risk and explains how it works. However, there is still no official patch for the WMF vulnerability found in most Microsoft Windows systems. Because of the lack of a patch, the exploit managed to affect thousands of Internet users around the globe. McAfee, one of the leading IT security companies, said that more than 6% of their customers having been infected with widely spread variants of the WMF exploit. Other companies keep silence for the moment, but it seems like the infection rates become more and more intimidating.
To crown it all, some spyware makers and corrupt anti-spyware vendors decided to cash in on the recent exploit. Websense Security Labs report that makers of Webext (also known as Exfol) adware, which is distributed mostly through pop-ups on various web sites, are using the WMF exploit to plant the parasites to visitor computers. Furthermore, we have reliable information stating that the same persons are responsible for the stealth installation of Virtual Bouncer, infamous corrupt anti-spyware, and SpyAxe, today’s number one risk. Both these parasites are installed with the help of the WMF exploit.
Although Microsoft didn’t issue an official patch yet, there are some unofficial fixes made by reputable security experts. Windows WMF Metafile Vulnerability HotFix developed by Ilfak Guilfanov is one of the most proper fixes for today. It not only patches the WMF vulnerability, but also doesn’t remove any functionality from the system, so that all pictures will continue to be visible. Moreover, this patch can be uninstalled as easily as any other program. This allows quickly removing it in case it interferes with some installed software or doesn’t work as intended. Although Ilfak Guilfanov’s patch is recommended by most IT security companies, it isn’t from Microsoft and therefore might not be acceptable for some users. Furthermore, it works only for Windows 2000, Windows XP and Windows Server 2003.
Ilfak Guilfanov also developed the WMF Vulnerability Checker. This tiny tool checks the system for the WMF flaw and reports the results. It doesn’t alter the system, so all the users are encouraged to check their machines immediately.
If your system is vulnerable, you should apply the unofficial WMF patch as quickly as you can. If you do not trust any third-party fixes, even those developed by reputable security experts, please take preventive measures described in this article.