WMF flaw to be patched this month

Share this article:

This month's "patch Tuesday" bulletin from Microsoft will feature a security update for the recently exploited Windows Meta File vulnerability.

The Redmond, Wash., company said Tuesday that it does not believe the scope of attacks on the flaw - which can result in PC shutdown - are widespread, adding that "customers who follow safe browsing best practices are not likely to be compromised by any exploitation of the WMF vulnerability."

"Microsoft has been carefully monitoring the attempted exploitation of the WMF vulnerability since it became public last week, through its own forensic capabilities and through partnerships within the industry and law enforcement," the company said in a statement. "Although the issue is serious and malicious attacks are being attempted, Microsoft's intelligence sources indicate that the scope of the attacks is not widespread. In addition, anti-virus companies indicate that attacks based on exploiting the WMF vulnerability are being effectively mitigated through up-to-date signatures."

Last week, the U.S. Computer Emergency Readiness Team and security firms warned that malicious users had set up attack websites to exploit the image vulnerability, from which they could execute arbitrary code, cause a denial of service condition or take complete control of an infected PC.

F-Secure said on Tuesday that code design from the 1980s is to blame for the vulnerability. The vulnerability exists on all Windows platforms, but only XP and 2003 are easily exploitable, the firm said.

"When Windows metafiles were designed in the late 1980s, a feature was included that allowed the image files to contain actual code. This code would be executed via a callback in special situations. This was not a bug; this was something that was needed at the time. This function was designed to be called by Windows if a print job needed to be canceled during spooling," the firm said.

The firm also warned of spoof emails pretending to be from the State Department or wishing users a happy new year. Numerous security experts recommended users consider unofficial patches that had been made available, such as one at http://www.hexblog.com.

Share this article:
close

Next Article in News

Sign up to our newsletters

More in News

AOL Mail hack furthers spam campaign using spoofed accounts

AOL confirmed on Monday that it was aware of the issue and working to remediate the situation.

Backdoors in Wi-Fi routers, said to be closed, can be reopened

Backdoors in Wi-Fi routers, said to be closed, ...

Although said to be patched, researcher Eloi Vanderbeken discovered during the Easter holiday that backdoors existing in certain wireless routers can be reactivated.

Apple ships Mac OS X updates, fixes several code execution bugs

Apple ships Mac OS X updates, fixes several ...

Among the addressed vulnerabilities, was a bug affecting WindowServer, which could allow an attacker to execute malicious code outside the sandbox.