Slashdot Mirror


Are Hotlinked Images Now a Liability?

ConcernedImage asks: "I work for a company that has a strong online community, with a full set of message boards that currently allow external image hotlinking. With the new WMF exploit out there, all it takes is one user to link to a bad image, and suddenly it's -our- web site infecting the computers of others (at least, as far as our users are concerned). Is allowing hotlinked images a legal liability now? What steps are other online communities taking to protect themselves and their users against this?"

2 of 57 comments

  1. Taking steps? by Schezar · Score: 2, Interesting

    "What steps are other online communities taking to protect themselves and their users against this?"

    Using Linux? Using a Mac?

    I kid. But seriously, the issue is PC security, not server security. If your PC is vulnerable to an exploit simply for viewing an image, the problem is YOURS, not the server that happens to link to an image that happens to use that exploit.

    --
    GeekNights!
    Late Night Radio for Geeks!
  2. Y!PP did block inline images by Scarblac · Score: 3, Interesting

    The forums of Puzzle Pirates switched off all images when it became clear how bad this exploit is. They later turned back on avatars, since they're checked by the server (only accepts JPEGs and GIFs of a certain max size, and then stored server side, as far as I know).

    The original announcement said they'd be back when Microsoft release their official patch, but I think PP is giving everybody time to patch first.

    --
    I believe posters are recognized by their sig. So I made one.
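
A server-side avatar check of the kind Scarblac describes (only JPEGs and GIFs under a size limit, stored by the server) could look like the following. This is an added example, not Puzzle Pirates' code or part of the thread; `check_avatar`, `Rejected`, the 64 KiB cap and the 128-pixel limit are assumptions, and the sample files are constructed. The type is decided from the file's leading bytes, never from its name or extension.

```python
import struct

MAX_BYTES = 64 * 1024   # assumed size cap; the post gives no figure
MAX_DIM = 128           # assumed maximum width/height in pixels

class Rejected(ValueError):
    """Upload is not an acceptable avatar."""

def jpeg_size(data):
    """Walk JPEG segments until a start-of-frame header yields (width, height)."""
    i = 2                                            # skip the SOI marker
    while i + 9 <= len(data):                        # a frame header needs 9 bytes
        if data[i] != 0xFF:
            raise Rejected("bad JPEG marker")
        marker = data[i + 1]
        if marker in (0x01, 0xFF) or 0xD0 <= marker <= 0xD7:
            i += 1 if marker == 0xFF else 2          # fill byte / marker without length
            continue
        (seglen,) = struct.unpack(">H", data[i + 2:i + 4])
        if seglen < 2:
            raise Rejected("bad JPEG segment length")
        if 0xC0 <= marker <= 0xCF and marker not in (0xC4, 0xC8, 0xCC):
            height, width = struct.unpack(">HH", data[i + 5:i + 9])
            return width, height
        i += 2 + seglen
    raise Rejected("no JPEG frame header")

def check_avatar(data):
    """Return (kind, width, height) for an acceptable upload, else raise Rejected."""
    if len(data) > MAX_BYTES:
        raise Rejected("file too large")
    if data[:6] in (b"GIF87a", b"GIF89a") and len(data) >= 10:
        kind, (w, h) = "gif", struct.unpack("<HH", data[6:10])
    elif data[:3] == b"\xff\xd8\xff":
        kind, (w, h) = "jpeg", jpeg_size(data)
    else:
        raise Rejected("not a JPEG or GIF")          # includes WMF, whatever its name
    if not (0 < w <= MAX_DIM and 0 < h <= MAX_DIM):
        raise Rejected("dimensions out of range")
    return kind, w, h

# Constructed samples: header-only files, enough for the checks above.
SAMPLE_GIF = b"GIF89a" + struct.pack("<HH", 48, 48) + b"\x00\x00\x00;"
SAMPLE_JPEG = (b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 9 + b"\xff\xc0\x00\x11\x08"
               + struct.pack(">HH", 64, 48) + b"\x03" + b"\x00" * 9 + b"\xff\xd9")
SAMPLE_WMF = b"\xd7\xcd\xc6\x9a" + b"\x00" * 18     # placeable-WMF magic number
```

Only bytes that pass `check_avatar` would be stored and served from the forum's own host, so the image a reader's browser fetches is the one that was checked.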