Who do you pay attention to for advice on Windows vulnerability?

When the latest Windows vulnerability gets talked about in the news all over the place, you tend to pay close attention.

If you haven’t been doing that, here’s what this latest issue is all about: it involves a Trojan called Exploit-WMF, which is spread via some instant messaging software and email.

It’s actually hard to tell what to do with so much conflicting and downright wrong advice being bandied about.

Microsoft’s advice yesterday was to wait until an official patch comes out on 10 January:

[…] Although the issue is serious and malicious attacks are being attempted, we have found that the scope of the attacks is not widespread. AV companies have also indicated that attacks are being effectively mitigated through up-to-date signatures.

On the other hand, some experts advise using an unofficial patch to combat this latest Windows vulnerability rather than wait a week for Microsoft’s fix.

If you decide not to use the unofficial patch and instead wait for Microsoft, at least make sure all your antivirus and antispyware signatures are up to date. And take extra care with your IM sessions.