Can you afford to wait for WMF patch?

You wouldn’t trust a complete stranger with the keys to your house but this is exactly what security experts are prescribing in a desperate bid to scupper the threat posed by the Windows Metafile (WMF) Vulnerability, dubbed by the mother of all vulnerabilities as it affects all Windows Platforms since 1995.

Antivirus vendor F-Secure and the SANS Internet Internet Storm Center are both pressing users to use an unofficial patch from security software developer Ilfak Guilfanov.

Ilfak is no newcomer when it comes to patch work but some system administrators have voiced their reluctance to the idea of installing a patch that is not supported by Microsoft itself.

After all, who would provide help and support if the patch wreaks havoc in computer systems on which it is installed. Still, admins could be in an even greater danger if they ignore the patch as Microsoft is still not scheduled to release the official vulnerability patch until 10th of January 2006. That's still a couple of working days away.

In the meantime, I would definitely advise everyone to up their vigilance. You can bet your newly acquired iPod Nano that some wise guy is going to disguise a nasty piece of software as Ilfak’s patch and spam everybody in the next few hours.