REDMOND, Wash., Jan. 3, 2006 — On Tuesday, December 27, 2005, Microsoft became aware of public reports of attacks on some customers that exploit a vulnerability in the Windows Metafile (WMF) code area of the Windows platform. Upon learning of the attacks, Microsoft mobilized under its Software Security Incident Response Process (SSIRP) to analyze the attack, assess its scope and determine the appropriate guidance for customers, as well as to engage with anti-virus partners and law enforcement.
Microsoft has completed development of a security update to fix the vulnerability. The security update is now being finalized through testing to ensure quality and application compatibility. Microsoft’s goal is to release the update on Tuesday, January 10, 2006, as part of its monthly release of security bulletins on the second Tuesday of the month. The update will be released worldwide simultaneously in 23 languages for all affected versions of Windows once it passes a series of rigorous testing procedures. It will be available through Microsoft Update and Windows Update, as well as Microsoft’s Download Center and through Windows Server Update Services for enterprise customers. Customers who use Windows’ Automatic Updates feature will be delivered the fix automatically.
Based on strong customer feedback, all of Microsoft’s security updates must pass a series of testing processes, including testing by third parties, to assure customers that they can be deployed effectively in all languages and for all versions of the platform with minimum downtime.
Microsoft has been carefully monitoring the attempted exploitation of the WMF vulnerability since it became public last week, through its own forensic capabilities and through partnerships within the industry and law enforcement. Although the issue is serious and the attacks are being attempted, Microsoft’s intelligence sources indicate that the scope of the attacks is limited. In addition, attacks exploiting the WMF vulnerability are being effectively mitigated by anti-virus companies with up-to-date signatures.
Customer Guidance
Users should take care not to visit unfamiliar or untrusted Web sites that could potentially host the malicious code. Additionally, consumer customers should follow guidance on safe browsing. Enterprise customers should review Microsoft’s Security Advisory #912840 for up-to-date guidance on how to prevent attacks through exploitation of the WMF vulnerability.
The intentional use of exploit code, in any form, to cause damage to computer users, is a criminal offense. Accordingly, Microsoft continues to assist law enforcement with its investigation of the attacks in this case. Customers who believe they have been attacked should contact their local FBI office or post their complaint on the Internet Fraud Complaint Center Web site. Customers outside the U.S. should contact the national law enforcement agency in their country.
Customers who believe they may have been maliciously attacked by exploitation of the WMF issue can contact Microsoft’s Product Support Services for free assistance by calling the PC Safety line (1-866-PCSAFETY); international customers can use any of the contact methods found at http://support.microsoft.com/security. Microsoft also continues to encourage customers to follow its Protect Your PC guidance: enable a firewall, get software updates and install anti-virus software. Customers can learn more about these steps at www.microsoft.com/protect.