#7
01-05-2006, 02:35 AM
woody
Re: What is everyone doing about this security flaw til 1/10/06

The exploit of course. The fix is supplied from a very trustworthy source.
I'll take my chances.

Woody

"Wesley Vogel" <123WVogel955@comcast.net> wrote in message
news:OBY33lOEGHA.1508@TK2MSFTNGP15.phx.gbl...
> Which is worse, a hurry-up-untested-fix or the exploit?
>
> --
> Hope this helps. Let us know.
>
> Wes
> MS-MVP Windows Shell/User
>
> In news:%233fvvhOEGHA.1312@TK2MSFTNGP09.phx.gbl,
> woody <woody@woohoo.ca> hunted and pecked:
>> Here is a temporary fix.
>>
>> http://www.grc.com/sn/notes-020.htm
>>
>> Good luck.
>>
>> Woody
>>
>> "dblues" <dblues@discussions.microsoft.com> wrote in message
>> news:C4E2B543-C7A3-4240-A8E6-5E61E614C405@microsoft.com...
>>> NEW YORK (Dow Jones)--Microsoft Corp. (MSFT) plans to release a patch
>>> for a new security flaw at its next scheduled update release on Jan. 10,
>>> leaving users largely unprotected until then from a rapidly spreading
>>> computer virus strain.
>>>
>>> "Microsoft's delay is inexcusable," said Alan Paller, director of
>>> research at computer security group SANS Institute. "There's no excuse
>>> other than incompetence and negligence."
>>>
>>> "It's a problem that there's no known solution from Microsoft," said
>>> Alfred Huger, senior director of engineering at Symantec Corp.'s (SYMC)
>>> security response team.
>>>
>>> SANS Institute, via its Internet Storm Center, has taken the unusual
>>> step of releasing its own patch for the problem until a
>>> Microsoft-approved fix is available. "It's not something we like to
>>> do," said Paller.
>>>
>>> The Internet Storm Center, which tracks viruses and other outbreaks on
>>> the Web, increased the threat level to "yellow" - a warning that means a
>>> significant new threat is developing.
>>>
>>> Microsoft said evaluation and testing affect the timing of security
>>> patches. "Creating security updates that effectively fix
>>> vulnerabilities is an extensive process. There are many factors that
>>> impact the length of time between the discovery of a vulnerability and
>>> the release of a security update," Microsoft said in a security
>>> advisory on its Web site.
>>>
>>> "Quality is the gating factor," said a Microsoft spokeswoman. The
>>> company views the issue as "serious," but believes that "the scope of
>>> the attacks is not widespread," she added.
>>>
>>> The attack is the latest to hit Microsoft, despite redoubled efforts to
>>> respond to security threats. With more than 90% of personal computers
>>> running Windows, it represents the biggest target for hackers.
>>>
>>> The virus began spreading last week, as hackers took advantage of a
>>> previously unknown flaw in Windows Meta File code in what is known as a
>>> "zero-day attack."
>>>
>>> The small amount of code in the virus can call down other programs that
>>> could install spyware to steal personal data or turn a system into a
>>> "bot" (a computer controlled by hackers).
>>>
>>> "The flaw is fairly significant in terms of its reach," said Alain
>>> Sergile, product manager at Internet Security Systems Inc.'s (ISSX)
>>> X-Force threat analysis service.
>>>
>>> The bug was found in current server and desktop versions of Windows and
>>> is considered serious because it requires relatively minor user
>>> interaction to be unleashed. The virus is carried in picture files and
>>> can be triggered if an image is viewed in an email or on an infected
>>> Web site. It is also being distributed through Instant Messenger.
>>>
>>> Johannes Ullrich, chief research officer at SANS Institute, said there
>>> are hundreds of Web sites that carry the infected images, and he's
>>> tracking the possibility that an online ad service is serving up
>>> infected image files. He says 5% to 10% of users appear to be infected,
>>> "an order of magnitude more than other attacks."
>>>
>>> Google Inc.'s (GOOG) desktop search tool can also trigger the virus as
>>> it indexes files on a computer, even if the image hasn't been viewed by
>>> the user.
>>>
>>> The virus takes advantage of the way Windows processes Windows Meta
>>> Files, or WMF, images. These file types can carry more common .jpg
>>> extensions, but still carry the malicious code.
>>>
>>> Microsoft recommends users unregister a file called shimgvw.dll. "While
>>> this workaround will not correct the underlying vulnerability, it helps
>>> block known attack vectors," the software maker says in its security
>>> advisory.
>>>
>>> Security experts are advising people to turn off preview panes in email
>>> programs like Outlook and be very careful about what web sites they
>>> visit and what emails they open.
>>>
>>> -By Chris Reiter, Dow Jones Newswires; 201-938-5244;
>>> chris.reiter@dowjones.com

>
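The quoted article notes that WMF images can carry a .jpg extension, so a filter has to look at the file header rather than the name. The sketch below is an added example, not part of the thread or the article; the function names and sample bytes are constructed for illustration, and the header constants are those of the public WMF file format.

```python
import struct
from pathlib import Path

# Aldus "placeable" WMF files start with the key 0x9AC6CDD7 (little-endian),
# the first 4 bytes of a 22-byte header that precedes the standard header.
PLACEABLE_KEY = b"\xd7\xcd\xc6\x9a"
PLACEABLE_LEN = 22


def looks_like_wmf(data: bytes) -> bool:
    """True if the leading bytes form a standard WMF header."""
    if data[:4] == PLACEABLE_KEY:
        data = data[PLACEABLE_LEN:]
    if len(data) < 18:  # the standard header is 18 bytes
        return False
    ftype, header_words, version = struct.unpack_from("<HHH", data)
    # Type 1 = memory, 2 = disk; header size is 9 words; version 1.0 or 3.0.
    return ftype in (1, 2) and header_words == 9 and version in (0x0100, 0x0300)


def is_disguised_wmf(name: str, data: bytes) -> bool:
    """WMF content under any extension other than .wmf."""
    return looks_like_wmf(data) and Path(name).suffix.lower() != ".wmf"


def scan(root):
    """Return files under root whose header is WMF but whose name is not .wmf."""
    hits = []
    for path in Path(root).rglob("*"):
        try:
            if path.is_file():
                with path.open("rb") as fh:
                    head = fh.read(PLACEABLE_LEN + 18)
                if is_disguised_wmf(path.name, head):
                    hits.append(path)
        except OSError:
            continue  # unreadable file: skip it, keep scanning
    return sorted(hits)


def sample_wmf_header(placeable: bool = False) -> bytes:
    """Constructed sample: a bare WMF header with zeroed size fields."""
    std = struct.pack("<HHHIHIH", 1, 9, 0x0300, 0, 0, 0, 0)
    return (PLACEABLE_KEY + bytes(18) + std) if placeable else std


if __name__ == "__main__":
    import sys
    for hit in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(hit)
```

A header match only says the content is WMF under another name; it does not say whether the file is malicious.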


