Loading
-
Microsoft Patches Graphics Flaws
Techtree News Staff, Nov 10, 2005 1827 hrs ISTMicrosoft has released a patch to fix 2 critical flaws in Windows, related to the processing of graphics files.
According to reports, Microsoft has released a patch to fix 2 critical vulnerabilities in Windows; these are related to the processing of graphics files and might be exploited by hackers to take control of vulnerable systems.
The first vulnerability concerns a flaw in the Windows' Graphics Rendering Engine, which comes into play while rendering certain malformed Enhanced Metafile (EMF) and Windows Metafile (WMF) image files.
eEye Digital Security discovered this flaw on March 29th , and it was accorded a "high" severity rating by Microsoft, since it allows malicious code to be executed with minimal user interaction through commonly used media.
The second vulnerability was discovered by Venustech AdDLab, eEye Digital Security and Symantec Security Response. This flaw is a similar, high-risk, heap overflow in WMF; hackers can exploit it by embedding the image in an Office document, or by convincing the user to view an HTML email in Outlook, etc.
Both "critical" flaws affect Windows Server 2003, Windows NT 4.0, Windows 2000, and Windows XP (including those running SP2) systems. In effect, almost all Windows users will have to apply Microsoft patch (MS05-053); the singular patch released by Microsoft, as part of its regular monthly update on Tuesday.
The first vulnerability concerns a flaw in the Windows' Graphics Rendering Engine, which comes into play while rendering certain malformed Enhanced Metafile (EMF) and Windows Metafile (WMF) image files.
eEye Digital Security discovered this flaw on March 29th , and it was accorded a "high" severity rating by Microsoft, since it allows malicious code to be executed with minimal user interaction through commonly used media.
The second vulnerability was discovered by Venustech AdDLab, eEye Digital Security and Symantec Security Response. This flaw is a similar, high-risk, heap overflow in WMF; hackers can exploit it by embedding the image in an Office document, or by convincing the user to view an HTML email in Outlook, etc.
Both "critical" flaws affect Windows Server 2003, Windows NT 4.0, Windows 2000, and Windows XP (including those running SP2) systems. In effect, almost all Windows users will have to apply Microsoft patch (MS05-053); the singular patch released by Microsoft, as part of its regular monthly update on Tuesday.
Discussion Board
CS Shyam Sundar
,coimbatore, on Nov 11, 2005 10:32 AM
Report abuse
Opinion Poll
- Which desktop web browser do you use?
-
Internet Explorer
Firefox
Chrome
Safari
Opera
Other (specify in comments)
Poll Results View Previous Polls