The Finnish-based antivirus company F-Secure is recommending that systems administrators block access to all WMF files at HTTP proxy and SMTP level, as the Windows Metafile (WMF) vulnerability reported on Monday is confirmed as still applying to all the main versions of Windows: Windows ME, Windows 2000, Windows XP and Windows 2003. As of yesterday there had still been no patch issues by Microsoft.

The vulnerability was first reported on December 27, says F-Secure, at which time Trojan downloaders were seen to be actively exploiting the vulnerability with fully patched Windows XP SP2 machines. At its "Windows Zero-Day Vulnerability Center," F-Secure reports as follows:

"So far WMF exploits have been typically used to install spyware and adware although the threat of virus and worm exploits remain. Users can be infected simply by visiting a web site with an image file containing the WMF exploit. Internet Explorer users are at the greatest risk of automatic infection while Firefox and Opera browser users are prompted with a question whether they’d like to open the WMF image or not. They get infected too if they answer ‘Yes’."

Microsoft and CERT.ORG issued bulletins on the WMF vulnerability and also announced a workaround while Microsoft is creating a patch, the Center update continues. But in this meantime, it notes, "there are hundreds of millions of vulnerable computers at the moment."