A. A vulnerability was found in the WMF definition that affects the Windows rendering engine (shimgvw.dll), which, unlike previous vulnerabilities, requires no user interaction to be activated. An infected image only has to be viewed on a Web site or in an email or even accessed via a desktop search engine (such as Google Desktop Search). It then can run code on the PC that could install malware. You can find more information about the vulnerability at the following URLs:

  • http://www.microsoft.com/technet/security/advisory/912840.mspx
  • http://www.kb.cert.org/vuls/id/181038

Microsoft released a fix on January 5--out of the regular fix cycle because the problem is so critical--and you should install the fix as soon as possible.