- Related Stories
-
Microsoft pushes out Windows patch ahead of time
January 5, 2006 -
Windows flaw spawns dozens of attacks
January 3, 2006
Mikko Hypponen, chief research officer at F-Secure, posted an item on the company's blog Monday outlining a WMF exploit on the home page for AMD-sponsored discussion forums. The exploit has since been removed, AMD said.
WMF exploits can trick users into viewing images or visiting Web sites that carry malicious software called Trojan horses. Once installed on a vulnerable PC, the software can allow an attacker to execute code on the system.
The forums were taken offline as soon as AMD learned of the exploit, said Drew Prairie, a spokesman for the Sunnyvale, Calif.-based chipmaker. The forums are maintained by another company that apparently failed to update its software in order to protect against the exploit, he said. Prairie was unaware of the name of the company, which is dealt with by AMD's staff in Europe.
The forums were back online late Monday afternoon. A poster started a thread on Saturday warning other forum users about the exploit. The discussions on the site usually center around building AMD-based PCs or bashing Intel, but visitors over the weekend got an unexpected lesson in Windows and Internet Explorer security techniques.
Microsoft was forced to issue an out-of-cycle patch in early January in response to the nasty WMF flaw, after originally planning to include the fix along with its usual monthly batch of patches. Windows users who downloaded that patch when it was distributed were protected if they visited the AMD discussion forum on Monday, Prairie said.
See more CNET content tagged:
WMF vulnerability, Microsoft Windows Metafile, exploit, AMD, forum
issues.
- AMD Forums laid low
- by Pluqueric February 1, 2006 6:43 AM PST
- I hope someone will be thoughtful enough to explain this situation to someone like me who does not quite understand. The only way I'm going to learn to ask questions.
- Reply to this comment
-
-
- Feature or bug
- by Phillep February 1, 2006 10:28 AM PST
- The feature was intended, the full range of things it could be used for was not.
-
-
(8 Comments)Please explain exactly what happened: was it something done deliberately by Microsoft? If gone undetected, would it have created severe problems for AMD users?
I have tried to read as much as I can on this subject, but I am still in the dark. Please help.
It's a problem for AMD users who have unpatched Microsoft in their computers.