Jan 10 is the Microsoft stated release date for a WMF page -- was : what is your advice to your users

["H. Morrow Long" <morrow.long () YALE EDU>]

On Jan 2, 2006, at 4:24 PM, Sadler, Connie wrote:
> Does anyone know how close we are to a patch from Microsoft? ...
> Anybody have some
> status?

January 10 (one week from today) is Microsoft's goal for a patch.

The following was posted today on the updated MS advisory page
( http://www.microsoft.com/technet/security/advisory/912840.mspx )

Microsoft Security Advisory (912840)
Vulnerability in Graphics Rendering Engine Could Allow Remote Code  
Execution.
Published: December 28, 2005 | Updated: January 3, 2006

On Tuesday, December 27, 2005, Microsoft became aware of public  
reports of malicious attacks on some customers involving a previously  
unknown security vulnerability in the Windows Meta File (WMF) code  
area in the Windows platform.

Upon learning of the attacks, Microsoft mobilized under its Software  
Security Incident Response Process (SSIRP) to analyze the attack,  
assess its scope, define an engineering plan, and determine the  
appropriate guidance for customers, as well as to engage with anti- 
virus partners and law enforcement.

Microsoft confirmed the technical details of the attack on December  
28, 2005 and immediately began developing a security update for the  
WMF vulnerability on an expedited track.

Microsoft has completed development of the security update for the  
vulnerability. The security update is now being localized and tested  
to ensure quality and application compatibility. Microsoft’s goal is  
to release the update on Tuesday, January 10, 2006, as part of its  
monthly release of security bulletins. This release is predicated on  
successful completion of quality testing.						...