On Tuesday, Jan. 3, 2006, Microsoft Corp. announced that it would release a security update to help protect customers from exploitations of a vulnerability in the Windows Meta File (WMF) area of code in the Windows operating system, in response to malicious and criminal attacks on computer users that were discovered last week.
However, Microsoft has released the update today already, earlier than planned.
Microsoft originally planned to release the update on Tuesday, Jan. 10, 2006, as part of its regular monthly release of security bulletins, after testing for quality and application compatibility was complete. However, testing has been completed earlier than anticipated and the update is ready for release. In addition, Microsoft is releasing the update early in response to strong customer sentiment that the release should be made available as soon as possible.
Microsoft's monitoring of attack data continues to indicate that the attacks are limited and are being mitigated both by Microsoft's efforts to shut down malicious Web sites and by up-to-date signatures from anti-virus companies.
Consumer customers who use Automatic Updates will receive the update automatically and do not need to take any additional actions. Consumers can also manually download and deploy the update by visiting Microsoft Update or Windows Update. Consumers can also get more information at Microsoft's Security At Home Web site. Enterprise customers who are using Windows Server Update Services will receive the update automatically. In addition, the update is supported by Microsoft Baseline Security Analyzer 2.0, Systems Management Server and Software Update Services. Enterprise customers can also manually download the update from the Download Center.
Microsoft will hold a special webcast on Friday, Jan. 6, 2006, to provide technical details about MS06-001 and answer questions. Customers can sign up for the webcast on microsoft.com.
Microsoft will also be releasing additional security updates on Tuesday, Jan. 10, 2006, as part of its regularly scheduled release of security updates.
The intentional use of exploit code, in any form, to cause damage to computer users is a criminal offense. Accordingly, Microsoft continues to assist law enforcement with its investigation of the attacks in this case. Customers who believe they have been attacked should contact their local FBI office or post their complaint on the Internet Fraud Complaint Center Web site. Customers outside the U.S. should contact the national law enforcement agency in their country.
Customers who believe they may have been maliciously attacked by exploitation of the WMF issue can contact Microsoft's Product Support Services for free assistance by calling the PC Safety line (1-866-PCSAFETY); international customers can use any method detailed at http://support.microsoft.com/security.
Cheers ~ Arne