But this is a different exploit.....I don't think that helps with this one!
From Cicero's posting # 38 above......and see Company Man posting at #25.
***********************************************
A new exploit has been discovered in the wild that affects fully patched Windows XP SP2 systems, according to reports by security firms F-Secure and Sunbelt. The malicious code takes advantage of a vulnerability in the WMF graphics rendering engine to automatically download and install malware.
WMF, or Windows Metafile, is a vector based image format used by Microsoft's operating systems. SHIMGVW.DLL is loaded to render the images and contains a flaw that opens the door for a malformed WMF image to cause remote code execution and potentially allow for a full system compromise.
Microsoft previously fixed a vulnerability affecting WMF and EMF files in November. That problem affected Windows 2000, XP and Windows Server 2003.
That's what I was looking for and didn't see. Microsoft will probably patch it by their next release so the safest course in XP till then would be to unregister the shimgvw.dll file and do all surfing in a restricted account.
Yes, I realize that this latest is a different exploit than in reference to the Java/ActiveX disablement mentioned earlier -- but I was (earlier, Java/AX) including a tangential security helps, that's all, that it's wise to have those two capabilities turned off, both in the browser and set to be suppressed by your firewall.