Even before many security firms and even Microsoft issued advisories for the recent zero day Windows Metafile exploit, the open source Metasploit tool was allowing users to make hay with the vulnerability.

So is Metasploit helping to spread the zero day outbreak, or is it helping security professionals to protect against it? The answer depends.

Windows users are currently at risk from a critical vulnerability in the Windows Metafile Format (WMF) for which there is currently no patch.

The virus exploits a critical vulnerability in the Windows Metafile Format (WMF), and is impacting versions of Microsoft’s Windows XP and Windows 2003 Web Server.

Because there’s no patch for the flaw, workarounds are needed to prevent the spread of the virus on computers. According to security firm iDefense, attacks require that Internet Explorer browser users visit a Web site with malicious code in order for an attack to be launched. The exploit targets how IE handles pictures. The malicious sites would hosting a .wmf file.

more from [url=http://www.enterpriseitplanet.com/security/news/article.php/3574591] enterpriseitplanet[/url]

---

Filed under: m$ - @ January 3, 2006 10:11 pm