Microsoft rushes out Windows fix

The severity of the bug has forced Microsoft to move quickly

The severity of a recently discovered bug in Windows has made Microsoft release a patch for the loophole early.

Originally Microsoft was due to release the patch on 10 January as part of its regular monthly security updates.

But the number of malicious hackers preparing to exploit the bug has led the software giant to speed up the release.

Before Microsoft produced its patch, users had been relying on unofficial fixes to protect themselves.

Attack vector

The fix now available closes a loophole found in the way that many versions of Windows handle certain types of images.

By putting exploit code in webpages or e-mail attachments, the loophole could be used to take over a Windows PC or install spyware that could be used to gather confidential information.

Vulnerable versions of Windows include include ME, 2000, XP and Server 2003.

The Windows Meta File vulnerability was first found on 27 December and Microsoft was planning to fix the problem in the scheduled security update that usually takes place on the second Tuesday of every month.

In the interim, expert Windows programmer Ilfak Guilfanov produced an unofficial patch but many found it hard to get hold of this fix as the site hosting it was regularly overwhelmed by users keen to protect themselves.

Initially Microsoft played down the discovery of the bug and said there was little evidence that malicious hackers were moving to exploit it.

However, as tools began circulating online that made it much easier to craft code to exploit the bug many security experts feared that a major incident was imminent.

Security firms reported that attacks mounted via the bug were starting to stack up.

Microsoft said it brought forward the release of the patch because of "strong customer sentiment that the release should be made available as soon as possible".

Users were urged to download and apply the patch and update anti-virus and anti-spyware programs immediately.