Samsung Unpacked: Everything Announced Galaxy Buds 2 Pro Preorder Galaxy Watch 5 Galaxy Z Fold 4 Dell XPS 13 Plus Review Galaxy Z Fold 4 Preorder Apple TV 4K vs. Roku Ultra Galaxy Z Flip 3 Price Cut
Want CNET to notify you of price drops and the latest stories?
No, thank you

Windows users swamp WMF patch site

Site hosting unauthorized protection against Microsoft flaw goes offline after "half the planet" tries to download the fix.

A site hosting unauthorized protection against the Microsoft Windows Meta File flaw has been taken offline after being swamped by users trying to protect themselves from a growing list of threats.

Ilfak Guilfanov's personal Web site was switched off by his hosting provider on Wednesday morning after hordes of Microsoft users scrambled to download his unofficial patch against the WMF vulnerability, according to antivirus company F-Secure.

The site was temporarily closed as "half the planet tried to download WMFFIX_HEXBLOG.EXE" F-Secure reported in its blog.

At the time of writing, the unofficial patch is again available from Guilfanov's site. It's also available from the Sunbelt Blog.

Microsoft has advised businesses not to use the patch, as the company cannot guarantee it will work. But with no official patch due to be released until next week, security experts are urging businesses to use the unofficial patch because of the serious nature of the WMF vulnerability.

The WMF flaw can be used by malicious software to surreptitiously install spyware on a user's PC or allow a hacker to control the machine remotely.

Several attacks have been detected since late December, and on Wednesday, experts detected another Trojan horse that exploits the flaw. F-Secure warned that the Trojan was spreading in spam e-mails labeled as coming from Yale University.

To minimize risk from the Trojan, system administrators have been advised by F-Secure to block user access to the following:

• HTTP access to playtimepiano(dot)home(dot)comcast(dot)net
• TFTP (ie. UDP) access to
• IRC access to
• IRC access to
• IRC access to
• IRC access to
• IRC access to

F-Secure warned businesses and system administrators not to visit the HTTP address.