Those of you running Windows XP, or any related operating system, ought to take heed. A new vulnerability has been found in Windows and it's already being used to spread spyware and worse like mad.
Essentially, it exploits a vulnerability in the way Windows parses .wmf files. Internet Explorer and Outlook automatically execute commands in these 'picture' files, which are a lot more than pictures. Merely visiting a page in Internet Explorer, seeing an e-mail in Outlook, actively viewing images through Thunderbird, or actively downloading and playing them in Firefox or Opera can trigger the vulnerability.
A current fix is to disable the rendering of wmf files, via the following instructions:
1. Click on the Start button on the taskbar.
2. Click on Run...
3. Type "regsvr32 /u shimgvw.dll" to disable.
4. Click OK when the change dialog appears.
This may cause trouble with some thumbnail-viewing applications, since the feature they rely on is now disabled.
Once Microsoft releases a patch, you can re-enable it by replacing step 3 above with:
regsvr32 shimgvw.dll