Microsoft Patches Windows Graphics Problem
Microsoft has released a patch that addresses three critical security vulnerabilities related to the way Windows processes the Metafile images.
The Windows Update MS05-053 was released yesterday as part of the company's monthly security update process.
The Metafile vulnerabilities, which affect most versions of Windows, could theoretically be exploited to allow a user to shut down or even gain control of an unpatched system by tricking a user into viewing a maliciously formatted Metafile image.
Windows Metafile is a graphics format used by some computer-aided design applications. Files that use this format have either a .wfm or .emf extension, according to a Microsoft spokeswoman.
The most likely way for an attacker to take advantage of these bugs would be by sending e-mail with a malicious graphic and hoping that it would be opened in Microsoft Outlook's preview pane. Attackers could also trick users into viewing such an image on a Web site.
The Windows Metafile problems affect virtually all supported versions of Windows, according to Microsoft's statement. Windows 98, Windows 98 Second Edition and Windows Millennium Edition are not affected, the statement said.
The Metafile vulnerabilities, which affect most versions of Windows, could theoretically be exploited to allow a user to shut down or even gain control of an unpatched system by tricking a user into viewing a maliciously formatted Metafile image.
Windows Metafile is a graphics format used by some computer-aided design applications. Files that use this format have either a .wfm or .emf extension, according to a Microsoft spokeswoman.
The most likely way for an attacker to take advantage of these bugs would be by sending e-mail with a malicious graphic and hoping that it would be opened in Microsoft Outlook's preview pane. Attackers could also trick users into viewing such an image on a Web site.
The Windows Metafile problems affect virtually all supported versions of Windows, according to Microsoft's statement. Windows 98, Windows 98 Second Edition and Windows Millennium Edition are not affected, the statement said.