WMF flaw to be patched this month

This month's "patch Tuesday" bulletin from Microsoft will feature a security update for the recently exploited Windows Meta File vulnerability.

The Redmond, Wash., company said Tuesday that it does not believe attacks on the flaw - which can result in PC shutdown - are widespread, adding that "customers who follow safe browsing best practices are not likely to be compromised by any exploitation of the WMF vulnerability."

"Microsoft has been carefully monitoring the attempted exploitation of the WMF vulnerability since it became public last week, through its own forensic capabilities and through partnerships within the industry and law enforcement," the company said in a statement. "Although the issue is serious and malicious attacks are being attempted, Microsoft's intelligence sources indicate that the scope of the attacks is not widespread. In addition, anti-virus companies indicate that attacks based on exploiting the WMF vulnerability are being effectively mitigated through up-to-date signatures."

Last week, the U.S. Computer Emergency Readiness Team and security firms warned that malicious users had set up attack websites to exploit the image vulnerability, from which they could execute arbitrary code, cause a denial of service condition or take complete control of an infected PC.

F-Secure said on Tuesday that code design from the 1980s is to blame for the vulnerability. The vulnerability exists on all Windows platforms, but only XP and 2003 are easily exploitable, the firm said.

"When Windows metafiles were designed in the late 1980s, a feature was included that allowed the image files to contain actual code. This code would be executed via a callback in special situations. This was not a bug; this was something that was needed at the time. This function was designed to be called by Windows if a print job needed to be canceled during spooling," the firm said.

The firm also warned of spoof emails pretending to be from the State Department or wishing users a happy new year. Numerous security experts recommended users consider unofficial patches that had been made available, such as one at http://www.hexblog.com.
