Flaw in the Microsoft Windows Metafile (WMF) image-rendering engine

Seems like another critical flaw in..

Amid controversy and customer demand surrounding a flaw in its Windows operating system, Microsoft abandoned its announced timetable for supplying a fix and rushed a patch onto its Web site to correct a problem that could allow a hacker to gain control over desktops or servers.

The company said in a statement yesterday that it was reacting to "strong customer sentiment that the release should be made available as soon as possible" to patch the flaw in the Microsoft Windows Metafile (WMF) image-rendering engine. Microsoft also was feeling heat from security experts who said the vendor's response was too slow.

So how do you know if you're infected?

Originally, Microsoft had said it was testing a patch that would be available on January 10, the day of its regular monthly release of patches. Microsoft found out about the WMF exploit on December 27, and experts warned that waiting for a patch would be dangerous. Patch MS06-001 is the company's first patch of the New Year.

The WMF flaw has been the focus of a so-called zero-day exploit--malicious code that took advantage of the hole in the operating system and that either showed users the announcement "Congratulations, you've been infected!" before taking over their machines or worked silently in the background seeding the PC with spyware and adware.

Microsoft advised Windows user should wait for the official patch. Consumers who use Automatic Updates will receive the update automatically. Users also can manually download the update from Microsoft Update or Windows Update. Go here for more information.