Just days after announcing plans to release a patch that fixes a security vulnerability in
Windows Meta File image processing on January 10,
Microsoft has rushed out the update early. The company said the patch was ready earlier than expected and its decision was based on feedback from partners.
WMF, or Windows Metafile, is a vector based image format used by Microsoft's operating systems. SHIMGVW.DLL is loaded to render the images and contains a flaw that opens the door for a malformed WMF image to cause remote code execution and potentially allow for a full system compromise.
\"So what changed to make us decide to release an update today? Two things: The first is that we have an update that we believe in. The team worked very hard to run all of the key scenarios that we are concerned about,\" explained Mike Nash, corporate vice president for security at Microsoft.
\"While we would always like to have more time, we are confident in the quality of the update. The second issue is that while there is no imminent threat, a number of customers are seeing exploit traffic hitting their AV, IDS and IPS systems.\"
Microsoft consulted partners about the out of band update, who recommended the company release the update as soon as possible. [/b]
Dont worry about installing unoffcial patch, the offcial patch is released, if ur live update is on, it would have already installed by now!
Edit:
Here is the link to download the patch:
http://www.microsoft.com/technet/security/...n/ms06-001.mspx