The Windows Metafile vulnerability has been exploited by email since Dec/31, and viewing one of the specially crafted images (which may have a .JPG or other image extension, but actually contains a Windows Metafile format image) may be sufficient to infect any Windows computer. Some emails containing such an image have been sent as spam; another style, containing a link to a website with an infected image and claiming to be a Christmas card, has been received at UBC.
UBC ITservices will block emails with URLs that point to such websites, but we cannot block email with .JPG attachments. We will ask Sophos for the best blocking they can offer.
Microsoft does not yet have a patch. For protecting Windows systems, please see http://www.kb.cert.org/vuls/id/181038 for general information (including links to Microsoft's incomplete workaround: disabling the default Microsoft “Image and Fax Viewer”). In addition, we recommend configuring your Windows email software not to display previews of messages.
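
The following is an added example, not part of the original advisory and not UBC's or Sophos's filter. Because the file extension says nothing about the content, a mail filter can check the leading bytes of each attachment for a Windows Metafile header; the function names and the sample message are constructed for illustration, and the check covers attachments only, not images on linked websites.

```python
import struct
from email import message_from_bytes, policy
from email.message import EmailMessage

PLACEABLE_KEY = b"\xd7\xcd\xc6\x9a"  # optional 22-byte placeable header, key 0x9AC6CDD7

def is_wmf(data: bytes) -> bool:
    """Recognise a Windows Metafile by its header, ignoring the file name."""
    if data[:4] == PLACEABLE_KEY:
        data = data[22:]
    if len(data) < 6:
        return False
    ftype, header_words, version = struct.unpack_from("<HHH", data)
    # Type 1 (memory) or 2 (disk), 9-word header, version 0x0100 or 0x0300
    return ftype in (1, 2) and header_words == 9 and version in (0x0100, 0x0300)

def scan_message(raw: bytes) -> list:
    """Return (filename, mislabeled) for every attachment whose content is WMF."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        body = part.get_payload(decode=True) or b""
        if is_wmf(body):
            # mislabeled: the name does not admit to being a metafile
            hits.append((name, not name.lower().endswith(".wmf")))
    return hits

def constructed_sample() -> bytes:
    """Constructed message: an empty, harmless metafile under two names, plus a JPEG stub."""
    wmf = struct.pack("<HHHIHIH", 1, 9, 0x0300, 12, 0, 3, 0) + b"\x03\x00\x00\x00\x00\x00"
    jpeg = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00"
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("sample body")
    msg.add_attachment(wmf, maintype="image", subtype="jpeg", filename="card.jpg")
    msg.add_attachment(jpeg, maintype="image", subtype="jpeg", filename="photo.jpg")
    msg.add_attachment(wmf, maintype="image", subtype="x-wmf", filename="drawing.wmf")
    return msg.as_bytes()

if __name__ == "__main__":
    for name, mislabeled in scan_message(constructed_sample()):
        print(name, "has WMF content", "(extension does not match)" if mislabeled else "")
```

A header match is a heuristic for quarantine or review, not proof that a file is malicious.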