A security update for preview releases of Windows Vista fixes the same image-rendering vulnerability found in earlier versions of the operating system.
The patch fixes a vulnerability in the way the operating system's Graphics Rendering Engine processes Windows Meta File images. That bug was first discovered late last month as it was being exploited by cybercriminals to load spyware, adware and other malicious code onto the PCs of unwitting Windows users.
Microsoft earlier this month broke its monthly patching cycle to rush out a "critical" fix for Windows XP, Windows Server 2003 and Windows 2000. Vista is not listed in Microsoft's security bulletin as vulnerable, but the updates for the forthcoming OS release refer to the same page on Microsoft's support Web site for details on the security issue.
The WMF security problem drew an unusual response in the security world. One expert crafted his own fix for the problem, before Microsoft provided its security update. Industry experts called the WMF bug one of the most serious Windows flaws to date and recommended the third-party fix. Microsoft, meanwhile, said users were not under massive attack.
The flaw in the way WMF images are handled is not a typical security vulnerability that can be exploited by attackers, such as a buffer overflow. Instead, the WMF problem lies in a software feature being used in an unintended way, Microsoft has said.
When WMF files were designed in the late 1980s, a feature was included that allowed the image files to contain computer code that could be executed on a PC to increase usability on the slow systems of yesteryear. The graphics file format was introduced with Windows 3.0 in early 1990.
It was found that the WMF feature could be abused. A vulnerable Windows computer might have been compromised simply if the user visited a Web site that contained a malicious image file, or opened such a file in an e-mail message or an Office document.
When this security flaw came out only after a third party made their own fix and everyone else started using it, that's when microsoft sent out their fix ahead of schedule. Interesting...
The rise of Apple's stores is one of the past decade's great retail stories. So, why then does the company continue to creep back into the big-box outlets and will this hurt the brand?
The Samsung Galaxy Mini 2 S6500 could make its debut at the Mobile World Congress in Barcelona later this month, according to a leaked promotional image.
The space agency powered down its last System z machine, years after IBM stopped selling them for the mathematical calculation jobs NASA originally bought them for.
