Microsoft Releases Metafile Patch Early

Microsoft released the patch for the zero-day Metafile vulnerability on Thursday, five days ahead of its previously-announced schedule. The fix was pushed to customers via the Redmond, Wash.-based developer's regular update services around 1 p.m. PST, 4 p.m. EST.

The security update, labeled MS06-001, has been in development and testing since soon after the Windows bug was made public last week. By Wednesday, there were indications from Microsoft and others that the patch was close to release.

"The development and testing teams have put forth a considerable effort to respond to the strong customer sentiment that the release should be made available as soon as possible," a Microsoft spokesperson said Thursday afternoon. "As a result the testing process has been completed earlier than expected and the security update is ready for release today."

Earlier, Microsoft had said that it would release the hot fix ahead of schedule -- or out-of-cycle, as the company calls it -- if it detected an uptake in the number or pattern of exploits that have been attacking Windows PCs via malicious and compromised Web sites. In a supporting statement Thursday, the company denied that was now the case.

"Microsoft’s monitoring of attack data continues to indicate that the attacks are limited and are being mitigated both by Microsoft’s efforts to shut down malicious Web sites and with up-to-date signatures form anti-virus companies," the online statement read.Microsoft delivered the patch using its standard mechanisms. Consumers who have set Windows for Automatic Updates, for instance, should receive the patch automatically. Others can manually download and install the patch using the Microsoft Update or Windows Update sites, while enterprises will receive the fix automatically through Windows Server Update Services.

The patch is quite small by Microsoft standards -- less than 200K for Windows XP -- but requires that the PC be rebooted.

The company plans to host a Webcast Friday on the vulnerability and its patch; Windows users can register for the online session here.