New Zero Day Exploit Discovered

The F-Secure blog is reporting that there is a new zero-day exploit for a vulnerability in Windows image rendering, namely with WMF (Windows Metafile) images. The exploit, dubbed W32/PFV-Exploit by F-Secure, downloads a variety of Trojan horse programs, leaving the affected machine open to further attack. For more details about this threat, see New WMF 0-day Exploit. There is no response yet from Microsoft or any estimate for when a patch might be available.

Update (12/30): Mirosoft has now issued a Security Advisory related to this threat. While it acknowledges that Microsoft is aware of and currently investigating the issue, it does not provide much more. For details about the threat, and workarounds you can use to protect your computer, see WMF Image Handling Exploit Discovered by Mary Landesman on the About.com Antivirus site.