Windows Vulnerability Allows Malicious Code In Graphics
January 04, 2006 05:42 AM EST

On December 27, a discovered flaw in Microsoft Windows operating systems was made public. This flaw in the handling of Windows meta Files (.wmf), an older graphics format, allows malicious code to be inserted into graphics images, which will then infect the target upon viewing the image.

Microsoft has issued an advisory on the vulnerability and its exploit at http://www.microsoft.com/technet/security/advisory/912840.mspx but has yet to release a patch – currently slated to release on January 10th, provided it passes microsoft's rigorous pre-release testing. The patch will appear on Windows Update and Windows download websites. Machines configured to obtain critical updates automatically will receive this patch. All others should visit the Microsoft Update site once the patch is released to download and install it.Fortunately, the known exploits of this vulnerability are being effectively mitigated by up to date antivirus and antispyware software, though the vulnerability remains open until patched.
The rest