Regarding the unoffical patch provided by Ilfak Guilfanov, I installed it on my system, having no problems at all. Of couse it is questinonable to install software from "unknown" sources, but this patch was examined by sans.org and if youdon't trust them, you could look at the source code yourself. Removing was painless and as far as I can tell it left nothing behind.
Reiner
Of course I Trust Sans.org.
But MANY people have had problems with the unofficial patch.
So I was in doubt. But I decided to wait for the official patch.
I think about e.g. localication problems in my Norwegian version of XP. MS are making patches for 20+ languages.
Here is a bit from the advisory:
"
What’s Microsoft’s response to the availability of third party patches for the WMF vulnerability?
Microsoft recommends that customers download and deploy the security update for the WMF vulnerability that we are targeting for release on January 10, 2006.
As a general rule, it is a best practice to utilize security updates for software vulnerabilities from the original vendor of the software. With Microsoft software, Microsoft carefully reviews and tests security updates to ensure that they are of high quality and have been evaluated thoroughly for application compatibility. In addition, Microsoft’s security updates are offered in 23 languages for all affected versions of the software simultaneously.
Microsoft cannot provide similar assurance for independent third party security updates.
"
That made MY decision.
HL