Official Patch
Microsoft released an official patch to address the problem on 5 January 2006. This patch may be applied in lieu of other corrective measures.
The official patch is available for Windows 2000, Windows XP and Microsoft Windows Server 2003. Windows NT 4 and other older operating systems did not receive a patch as they were no longer supported by Microsoft by then. Steve Gibson stated in his Security Now! podcast #20, that his company Gibson Research Corporation would make a patch available for Windows 9x systems if Microsoft did not. After further research, Steve Gibson stated, in a laterSecurity Now! podcast #23, that Windows 9x and ME are not vulnerable and do not need patching. Windows 9x/ME users can run his Mouse Trap utility to see this for themselves.
A free downloadable patch for Windows NT has been provided by Paolo Monti from Future Time, the Italian distributor of Eset's NOD32 anti-virus system. The patch works on older operating systems, but it is supplied without warranty.
There have been reports of the official patch being automatically installed even when Windows Automatic Update is configured to ask before installing automatically downloaded updates. This causes an automatic reboot, which can cause loss of data if the user has a program open with unsaved changes.
Read more about this topic: Windows Metafile Vulnerability
Famous quotes containing the words official and/or patch:
“The honor my country shall never be stained by an apology from me for the statement of truth and the performance of duty; nor can I give any explanation of my official acts except such as is due to integrity and justice and consistent with the principles on which our institutions have been framed.”
—Andrew Jackson (1767–1845)
“Imperious Caesar, dead and turned to clay,
Might stop a hole to keep the wind away.
O that that earth which kept the world in awe
Should patch a wall t’expel the winter’s flaw!”
—William Shakespeare (1564–1616)