A researcher published a new Windows MetaFile (WMF) vulnerability yesterday. The vulnerability exploits the same GDI Client DLL library as did the previous zero-day WMF flaw. Unlike its predecessor, though, the new WMF vulnerability is considered low-risk. A determined and sophisticated hacker could exploit the hole to gain administrative privileges. It’s unclear if a patch for this bug will be among the 12 that Microsoft releases tomorrow on its monthly Patch Tuesday. For now, the only way to protect yourself is to restrict WMF file access to trusted users and documents.”]
Source: https://www.darkreading.com/analytics/new-wmf-bug-on-the-loose