Free Computer Help.
Powered by Volunteers.

Fix Released for High-Risk Windows WMF Vulnerability

by Oscar Sodani
January 3, 2006

Oscar Sodani is a founder of Help2Go and owner of Help2Go Networks, an IT consulting firm in the Washington D.C. area. Oscar holds the CISSP certification as well as industry certifications from Microsoft, Cisco and Novell.

The computer security world is in a tizzy following the announcements that a new Microsoft Windows security vulnerability was found. This security vulnerability is already being exploited by malicious websites to install spyware, adware, and porn software onto people's unsuspecting machines. Even a fully patched system can be affected!

UPDATE: Microsoft has released a patch for this security hole via Windows Update. Please run Windows Update as soon as possible. Then you may uninstall the WMF patch if you installed it via this page. 

Today, a new fix has been released (and certified by SANS) which promises to close this hole. Was it released by Microsoft? No, of course not... Microsoft has announced that it won't release the fix until January 10th, leaving everyone vulnerable to attack for a whole additional week!

Instead, a security researcher has worked day and night to figure this out and he has released a software patch for this flaw. SANS, the premiere security information organization, has inspected the code and certified it as being safe for use by the public. The fix is also being recommended by and several anti-virus vendors. The fix can also be fully uninstalled from Add/Remove Programs.

Download the "unofficial" fix from

Download the "unofficial" fix from 

The download site is extremely slow, as people all over the Internet are attemtping to grab this fix. Please be patient. We will post additional download sites soon.

Once you download the file, simply double-click it and it will close the WMF Windows security hole. 

The exploit uses the security hole in the WMF graphics file format in order to execute malicious programs on your PC. The WMF format is a very little used format meant for faxes and such. Normally, disabling the file extension would be good enough, but not in this case.

According to SANS : "Should I just block all .WMF images? This may help, but it is not sufficient. WMF files are recognized by a special header and the extension is not needed. The files could arrive using any extension, or embedded in Word or other documents."

All versions of Internet Explorer are affected. As far as anyone knows, the latest version of Firefox (1.5) is not affected by the flaw. However, given the information in the previous paragraph, it is better to be safe than sorry. 

SANS statement about the fix
SANS FAQ about the WMF Flaw statement about this fix and the WMF flaw
WMF Vulnerability Checker


Have a question? Need help? Get free, friendly person-to-person help with your computer questions or spyware questions in our help forums!

Creative Commons License

(C) 2008 Help2Go - Contact Us