The WMF Problem
A lot has been made of this issue, with Microsoft trying to downplay the bug, and most computer security experts have taken them to task for this. Some people have even suggested that Microsoft purposely included the bug in WMF files, so that they would have a backdoor into users' computers, which they hotly deny. I have to say in their defense that this is probably unlikely. Besides, since when are stupid unpatched vulnerabilities in Windows products a surprise?
At any rate, Microsoft released a patch for this bug, so if you have Windows 2000/XP and you have automatic updates turned on, you probably already have it. If you don't have automatic updates, visit Windows Update now to get it. So what if you're like me, and have automatic updates on, but you just want a little extra assurance that you got the patch? Well, yesterday in Fred Langa's excellent Langa List, he recommended a tool to do just that. It's called MouseTrap. It's a tiny download, an .exe file, and you just run it once you download it. It will almost instantly tell you whether your system has been patched against this vulnerability. The page it's on also has some great information about the bug.