It does have some of the earmarks of a nasty situation. For one thing, if you're running Windows—any version—you're vulnerable. Even the 1990 version of Windows 3.0 is vulnerable!

While you were out partying this weekend I was reading security discussion lists and testing malware (yes, I know, my wife wants me to seek help for this problem too). Some respected people out there think this is one of the all-time bad ones.

For advice on how to secure your network and applications, as well as the latest security news, visit Ziff Davis Internet's Security IT Hub.

On the other hand, it's Monday morning, Jan. 2, and none of the major anti-virus has a serious alert up. McAfee, Symantec, Trend and Panda all show no alarm, and the ones that have a general level of alertness are all showing a low level. Panda can usually be counted on for some hysteria at a time like this, and Computer Associates doesn't even seem aware of the threat on its site.

There is F-Secure, who is showing a Level 2 (out of 3) alert. F-Secure has been on top of this situation from the very beginning, and perhaps it is the only one with staff working to update its site over the holiday.

Well, that's getting a little too mean. As I pointed out in an earlier piece, actual testing of 73 variants of this threat shows excellent protection common among anti-virus vendors. As of Saturday morning, the 100 percent list included AntiVir, Avast, BitDefender, ClamAV, Command, Dr Web, eSafe, eTrust-INO, eTrust-VET, Ewido, F-Secure, Fortinet, Kaspersky, McAfee, Nod32, Norman, Panda, Sophos, Symantec, Trend Micro and VirusBuster. If you're a user of one of these products and you keep your anti-virus updated, odds are good that you're protected against any exploits you're likely to see.

Click here to read more from Larry Seltzer on the WMF flaw.

And as one of the anti-virus vendors pointed out to me, there may be dozens of variants out there and a first attempt at an IM worm, but there is no major attack yet. In other words, there may be a major vulnerability, but there is no major exploit, and you're unlikely to encounter one unless you spend a lot of time on porn sites or already are running adware.

Next page: There are worse attacks than this.

Personally, I reserve the level of anxiety I'm seeing out there for network worms like Blaster and Sasser, not for threats that, as far as we can tell so far, require user action. It could be that someone will come up with a way to make these exploits work without the user having to open a file or navigate to a Web site, but it hasn't happened yet, and it might not. And in the meantime, mainstream security products are dealing with the problem.

And there are other things that proactive users and administrators can do. There's Microsoft's workaround, which disables the Windows Picture and Fax Viewer program (see Microsoft's advisory for details). This is not a fix for the basic problem, but rather it blocks the most prominent vector for exploiting this vulnerability. There are other vectors, such as Microsoft Paint, Lotus Notes and probably many other applications. Still, this solution does have the advantages of being safe, albeit at the loss of some system functionality (your picture viewer and thumbnails in Windows Explorer), and having the explicit endorsement of Microsoft.

But there's a better, although somewhat riskier, solution: A well-known programmer named Ilfak Guilfanov has released a patch he wrote that addresses the core problem by disabling the Windows functionality on which the exploits depend. Guilfanov has tested it on Windows 2000 (SP4), XP 32-bit, XP 64-bit and Windows Server 2003. This patch comes with an uninstaller that I have tested, albeit on a single box, and it works.

The consensus in the security discussions I have read is that the removed Windows functionality is not something that will ever be missed, but that strikes me as an arrogant assumption. There's an astonishing amount of code written for Windows and, as Guilfanov himself explained in a security discussion this weekend, there are legitimate uses for it. The real solution would be a real patch from Microsoft for the vulnerable code, one that has been tested on all the supported versions, including the international ones.

I hope this next statement is quickly made obsolete, but as I write this we still don't have a patch. I'm ready to say that Guilfanov's patch appears safe and effective for mainstream U.S. versions of Windows, but I would have preferred a more comprehensive test.

Yes, we could still have a major outbreak on our hands, but I'm reasonably satisfied that the people most likely to be affected are those who leave their PCs unprotected by anti-virus software and credulously open files sent by strangers. Indeed, the most likely way to be attacked through this vulnerability is by viewing an adware-infected Web site that you are most likely to visit when redirected by adware already on your system. Exploiting the already exploited doesn't score you any points in the malware business.

And you do need to be either already exploited or credulous enough to get yourself there to fall for this. Actually, the very fact that you read this column probably makes you too aware of security issues to be attacked successfully.

Security Center Editor Larry Seltzer has worked in and written about the computer industry since 1983.

Check out eWEEK.com's for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzer's Weblog.

More from Larry Seltzer

Discuss How Serious Is the WMF Vulnerability?   Every one knows that modern life is not very cheap, nevertheless different people... >>> Post your comment now!

>>> More Web Design Articles          >>> More By Larry Seltzer