Tuesday 3rd January, 2006 13:56 Comments: 0
There's an unofficial patch for the WMF vulnerability. I wouldn't normally push an unofficial patch (especially as I think it caused trouble on a 2003 server, so I had to restart it again before being able to log in, but it worked perfectly on a 2000 machine), but it doesn't look like Microsoft will have one for at least another week, and there's already lots of nasty malicious code floating around. As the author suggests, when MS get their act together, uninstall this patch and install theirs. Although it only gives someone the privileges of the local user, so many people use Administrators group accounts that it can be quite serious.