http://arstechnica.com/journals/microsoft.ars/2006/1/7/2394

Grab the patch here

I'm glad to see MS didn't drop the ball with this one.

This was released on Thursday >.>

8 Days IS a long time to code an entire patch that works on every single OS and produces results that don't further open the security hole.[/sarcasm]

Glad to see they hopped on it so quick, actually. SP2 fixed some major holes and that didn't come out for, what, 2 or 3 years?

Indeed.

Would it be safe to assume that windows update automatically downloaded and installed this when I ran it yesterday?

I'll agree that for a multi-billion dollar software giant, Microsoft is rather slow at patching severe exploits, but to be fair, a lot of updates in SP2 were gradual and had been released previously. Service packs are largely accumulations of patches.

For the sake of a fairly small file (I think it was about a meg when I patched Izzy's laptop) I'd go get it.

Go to add/remove programs & select show updates.

Look for Windows Security Update KB912919. If you have it, you're all set. If you don't, go get it.

This is assuming you're on WinXP..I don't know if it's the same # for 2k.

If an exploit is found, is there any real incentive for Mircosoft to update right away?

Dang... I can't get the patch installed! It says I need version one of the servicepack first. I have SP1 though... I wonder if it means SP2. If that is the case, then I have a problem, because I have tried several times, but I simply can't install SP2 on my comp. =\

Wow, uh, that's really bad. You might want to get that working.

oh... yeah, the .wmf issue is sort of the least of your worries if you don't have SP2...

haha, I remember last summer, "oh nos, SP2 will break all your applications, don't get it!"

and now? "you'd better have SP2 or you're in big trouble."

Reality can change. It's just a matter of time.

Heh, new vulnerability found in WMF: http://blogs.technet.com/msrc/archive/2006/01/09/417198.aspx

Not as severe as the previous exploit, but usable for a simple DoS.

Not so much reality changing as the patching process for SP2 changed. They fixed a lot of the major bugs with it--originally it would stop during installation (voiding your current windows installation, making you reformat and reinstall), install wrong (same thing as before) or have weird settings upon installation and make certain drivers not work.