WMF flaw fails to spark attacks on AU users: Microsoft

Written by Iain Ferguson, Contributor
Microsoft said today there had been "no evidence" of any consumer or enterprise users in Australia being attacked via a serious vulnerability in the Windows Meta File area of code in the Windows operating system.

Peter Watson, chief security advisor for Microsoft Australia, made the comment in a statement this morning confirming the company had delivered an urgent fix for the widely-publicised flaw ahead of the Redmond vendor's first monthly bulletin of security patches, scheduled for Tuesday next week in the United States.

"Microsoft's monitoring of the situation continues and I can let you know that at this stage there has been no evidence of any exploitation both on a consumer and enterprise customer level in Australia," Watson said.

Security experts have warned that thousands of malicious Web sites, some Trojan horses and at least one instant messaging worm exploiting the vulnerability have surfaced. Microsoft last night (AEDT) updated earlier advice that an attack could only occur if a user visited a Web site containing a malicious image or opened such a file attached to an e-mail, saying attackers could also exploit the flaw via a malicious image embedded in a Microsoft Office document.

Watson said Microsoft had not encountered any situation in which simply opening an e-mail could result in attack.

He said testing for the fix had been completed "earlier than anticipated," allowing Microsoft to release it last night (AEDT). The fix is available for download here.

In an interview with ZDNet Australia, Watson attributed the dearth of infection and exploitation in Australia to the fact most users here only visited trusted Web sites or had updated their anti-virus signatures to the latest versions which mitigated attacks based on the WMF vulnerability.

Watson said while early completion of the testing process was one factor in allowing Microsoft to push out the fix earlier than it originally intended, it had also been prompted to do so by the large number of queries about the problem from enterprise customers worldwide, including Australia.

The fix is also being pushed out to consumers and enterprise customers through Microsoft's automatic update services.

Watson's remarks follow comments last night (AEDT) from a director in Microsoft's Security Response Center, Debbie Fry Wilson, acknowledging the issue was "critical".

"Although the attacks based on WMF are very real, and the exploitation and the threats are evolving on a very fast basis, our analysis is consistent that the infection rate is low to moderate," Fry Wilson said. "However, the threat is very real, and customers should take the action of deploying this update as soon as possible."

CNET News.com's Joris Evers contributed to this report.
