Microsoft releases critical update for WMF exploit today
Instead of waiting until January 10 as previously announced, Microsoft is releasing the patch for the WMF exploit as a critical update today. Microsoft Security Bulletin MS06-001 has download links for all of the affected operating systems. It's supposed to be available at 2:00 PM PST, (UTC/GMT -8) today, but it is actually available now.
You can also get the update at the Microsoft Update center and by opening Internet Explorer, clicking "Tools", then "Windows Update". It's recommended that you do not click on a link in an email to get the update because URL's can be obfuscated.
Here's the notice I got from Windows Update:
Security Update for Windows XP (KB912919)
Date last published: 1/5/2006
Typical download size: 196 KB
A remote code execution security issue has been identified in the Graphics Rendering Engine that could allow an attacker to remotely compromise your Windows-based system and gain control over it. You can help protect your computer by installing this update from Microsoft. After you install this item, you may have to restart your computer.
System Requirements
Recommended CPU: Not specified.
Recommended memory: Not specified.
Recommended hard disk space: Not specified.
How to Uninstall
This software update can be removed via Add or Remove Programs in Control Panel.
Get help and support
http://support.microsoft.com
More information
If you have installed Ilfac's patch or another unofficial patch, it's recommended to uninstall it prior to installing the Microsoft update.