January 17, 2006 12:20 PM PST

Windows Vista gets image flaw fix

A security update for preview releases of Windows Vista fixes the same image-rendering vulnerability found in earlier versions of the operating system.

Microsoft on Friday released what's believed to be the first security patch for Windows Vista, the next version of its flagship operating system. Updates are available for Windows Vista beta 1, released in July, and last month's Community Technology Preview release. The final version of Windows Vista is due by year's end.

The patch fixes a vulnerability in the way the operating system's Graphics Rendering Engine processes Windows Meta File images. That bug was first discovered late last month as it was being exploited by cybercriminals to load spyware, adware and other malicious code onto the PCs of unwitting Windows users.

Microsoft earlier this month broke its monthly patching cycle to rush out a "critical" fix for Windows XP, Windows Server 2003 and Windows 2000. Vista is not listed in Microsoft's security bulletin as vulnerable, but the updates for the forthcoming OS release refer to the same page on Microsoft's support Web site for details on the security issue.

The WMF security problem drew an unusual response in the security world. One expert crafted his own fix for the problem, before Microsoft provided its security update. Industry experts called the WMF bug one of the most serious Windows flaws to date and recommended the third-party fix. Microsoft, meanwhile, said users were not under massive attack.

The flaw in the way WMF images are handled is not a typical exploitable security vulnerability, such as a buffer overflow. Instead, the WMF problem lies in a software feature being used in an unintended way, Microsoft has said.

When WMF files were designed in the late 1980s, a feature was included that allowed the image files to contain computer code that could be executed on a PC to increase usability on the slow systems of yesteryear. The graphics file format was introduced with Windows 3.0 in early 1990.

It was found that the WMF feature could be abused. A vulnerable Windows computer could be compromised if the user simply visited a Web site that contained a malicious image file, or opened such a file in an e-mail message or an Office document.
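For defenders, the "code inside an image" feature described above can be looked for directly in a file's record stream. The following Python scanner is an added example, not part of the original article or any Microsoft tool; it assumes the feature in question is the SETABORTPROC escape carried in a META_ESCAPE record (names and values taken from Microsoft's published WMF format, not from this article), and the sample files it builds are constructed with an inert all-zero payload.

```python
import struct

PLACEABLE_MAGIC = 0x9AC6CDD7  # optional 22-byte "placeable" pre-header
META_EOF = 0x0000             # terminating record
META_ESCAPE = 0x0626          # record type that carries printer-escape calls
SETABORTPROC = 0x0009         # escape that registers a callback (assumed culprit)

def scan_wmf(data: bytes) -> list[str]:
    """Walk the WMF record list; return findings (empty list = nothing flagged)."""
    findings, off = [], 0
    if len(data) >= 4 and struct.unpack_from("<I", data, 0)[0] == PLACEABLE_MAGIC:
        off = 22
    if len(data) < off + 18:
        return ["truncated header"]
    ftype, hdr_words = struct.unpack_from("<HH", data, off)
    if ftype not in (1, 2) or hdr_words != 9:
        return ["not a WMF header"]
    off += 18
    while off + 6 <= len(data):
        size_words, func = struct.unpack_from("<IH", data, off)
        if size_words < 3:  # a record is at least 3 words (size + function)
            findings.append(f"malformed record size at offset {off}")
            break
        if func == META_ESCAPE and off + 8 <= len(data):
            esc = struct.unpack_from("<H", data, off + 6)[0]
            if esc == SETABORTPROC:
                findings.append(f"SETABORTPROC escape at offset {off}")
        if func == META_EOF:
            break
        if off + size_words * 2 > len(data):  # declared size runs past the file
            findings.append(f"record overruns file at offset {off}")
            break
        off += size_words * 2
    return findings

def _record(func: int, params: bytes = b"") -> bytes:
    return struct.pack("<IH", (6 + len(params)) // 2, func) + params

def build_sample(with_escape: bool) -> bytes:
    """Constructed test input: minimal WMF, optionally with an inert escape record."""
    header = struct.pack("<HHHIHIH", 1, 9, 0x0300, 0, 0, 0, 0)
    body = b""
    if with_escape:
        body += _record(META_ESCAPE, struct.pack("<HH", SETABORTPROC, 4) + b"\x00" * 4)
    return header + body + _record(META_EOF)
```

The escape check runs before the overrun check on purpose, so a record with a bogus declared size is still flagged rather than skipped.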


3 comments
Congratulations Joris
by n3td3v January 17, 2006 12:43 PM PST
You've managed to write an article that doesn't upset anyone.
The first security related article
by n3td3v January 17, 2006 12:49 PM PST
The first security related article on Cnet without rent-a-quotes from a "researcher" or "expert". I'm amazed... did they put something in the water?
Interesting
by thedreaming January 18, 2006 7:53 AM PST
When this security flaw came out only after a third party made their own fix and everyone else started using it, that's when Microsoft sent out their fix ahead of schedule. Interesting...