Yes, it’s serious.
But, no, you don’t have to go through withdrawal. In an unprecedented move, Microsoft has released the patch for the problem ahead of schedule.
If you have Automatic Updates enabled, as most of you should, then you may already have the fix. It appeared on my machines this morning.
If you don’t have automatic updates enabled, then you should immediately visit the Microsoft page that includes the update for what’s been called the WMF Exploit. You’ll find downloadable patches to install on your machine that will remove the vulnerability.
Well, most of you will.
At this writing, there is no plan for a fix for Windows 95, 98 or Windows Me, because, as explained in the FAQ section of that page, the issue doesn’t exist, or isn’t as severe, on those operating systems.
So why is this such a big deal?
Because, in a nutshell, simply displaying a picture that was crafted by some malicious individual could result in your machine being infected with viruses, spyware or worse. (“WMF” stands for “Windows MetaFile”, one of the many different formats for computer images.) Simply looking at a picture. In fact, if you have tools such as Google’s desktop installed, it may “look at the picture” as part of its work (perhaps something attached to a questionable email you received) and cause you to be infected, even if you didn’t actually look at it yourself.
While there are few reports of actual damage having been done due to this vulnerability, the potential is certainly there, and you should make sure that you’ve updated as soon as possible.
And as always:
My school got so scared about it that last weekend, they made it so that all of the 95,000 students in the district could not use Paint, Microsoft Pic & Fax Viewer, or Microsoft Photo Editor.