The Zero-Day Bug

As posted earlier, there is a very serious flaw in Windows now dubbed the “Zero-Day Bug.” I will describe what it is in this post and then immediately follow it up with a post on how to protect yourself until Microsoft issues a hotfix that patches the hole.

Essentially, someone has written a virus that takes advantage of an error in the way Windows handles corrupted Windows Metafiles. More specifically, a lack of input validation in one of these routines may allow a buffer overflow to occur. This can be exploited to execute arbitrary code by tricking a user into opening a malicious “.wmf” file in “Windows Picture and Fax Viewer” or previewing a malicious “.wmf” file in Explorer (i.e. selecting the file).
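To make "lack of input validation" concrete, here is an added example (not code from this post, and not Microsoft's code or fix) of a parser that walks a metafile and rejects any record whose declared size does not fit in the data actually present. The function name `wmf_validate`, the error codes and both byte arrays are constructed for illustration; the header and record layout follow the published WMF format.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Little-endian readers; callers guarantee the bytes are in range. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

enum { WMF_OK = 0, WMF_TRUNCATED = -1, WMF_BAD_HEADER = -2, WMF_BAD_RECORD = -3, WMF_NO_EOF = -4 };

/* Walk a WMF byte stream and reject anything whose declared sizes do not
 * fit inside the buffer. Never reads past buf[len - 1]. */
int wmf_validate(const uint8_t *buf, size_t len)
{
    size_t off = 0;
    /* Optional 22-byte "placeable" header, identified by key 0x9AC6CDD7. */
    if (len >= 4 && rd32(buf) == 0x9AC6CDD7u) off = 22;
    /* Standard header is 18 bytes: type (1 or 2), header size in words (9), ... */
    if (len < off + 18) return WMF_TRUNCATED;
    uint16_t type = rd16(buf + off);
    if ((type != 1 && type != 2) || rd16(buf + off + 2) != 9) return WMF_BAD_HEADER;
    off += 18;
    /* Each record: 32-bit size counted in 16-bit words, then a 16-bit function. */
    while (len - off >= 6) {
        uint32_t words = rd32(buf + off);
        uint16_t func = rd16(buf + off + 4);
        if (words < 3 || words > (len - off) / 2) return WMF_BAD_RECORD;
        if (func == 0x0000) return WMF_OK;      /* META_EOF ends the file */
        off += (size_t)words * 2;
    }
    return WMF_NO_EOF;
}

/* Constructed samples: a minimal well-formed file (header + EOF record) and
 * one whose only record claims 0x1000 words although 6 bytes remain. */
static const uint8_t sample_ok[] = { 1,0, 9,0, 0,3, 12,0,0,0, 0,0, 3,0,0,0, 0,0,
                                     3,0,0,0, 0,0 };
static const uint8_t sample_bad[] = { 1,0, 9,0, 0,3, 12,0,0,0, 0,0, 3,0,0,0, 0,0,
                                      0x00,0x10,0,0, 0x01,0x02 };

int main(void) {
    printf("well-formed: %d\n", wmf_validate(sample_ok, sizeof sample_ok));
    printf("oversized record: %d\n", wmf_validate(sample_bad, sizeof sample_bad));
    return 0;
}
```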

This can be exploited automatically when a user visits a malicious web site using Microsoft Internet Explorer. It must be stated that although using another browser has been a suggested fix, any browser that uses the Windows Picture and Fax Viewer to open an image is vulnerable.

The code for this virus is currently in the wild, or publicly available, and there are currently over 50 known strains of it.

The following systems are vulnerable:

Microsoft Windows Server 2003 Datacenter Edition
Microsoft Windows Server 2003 Enterprise Edition
Microsoft Windows Server 2003 Standard Edition
Microsoft Windows Server 2003 Web Edition
Microsoft Windows Small Business Server 2003
Microsoft Windows XP Home Edition
Microsoft Windows XP Professional
Microsoft Windows Storage Server 2003
Microsoft Windows XP Tablet PC
Microsoft Windows XP Media Center 2004/2005
Microsoft Windows XP Embedded??
Microsoft Windows Server 2003 R2 Enterprise Edition
Microsoft Windows Server 2003 R2 Standard Edition
