Microsoft has issued a security advisory warning against an unpatched security hole in Windows that is actively being exploited by online criminals.
Attackers are using a flaw in the way that Windows handles the .wmf (Windows Metafile) graphic file format. A specially crafted .wmf image placed on a website or sent through a spam email will allow the criminal to execute code on a user's system.
Read the complete story here. (vnunet)