A security update for preview releases of Windows Vista fixes the same image-rendering vulnerability found in earlier versions of the operating system.
The patch fixes a vulnerability in the way the operating system's Graphics Rendering Engine processes Windows Meta File images. That bug was first discovered late last month as it was being exploited by cybercriminals to load spyware, adware and other malicious code onto the PCs of unwitting Windows users.
Microsoft earlier this month broke its monthly patching cycle to rush out a "critical" fix for Windows XP, Windows Server 2003 and Windows 2000. Vista is not listed in Microsoft's security bulletin as vulnerable, but the updates for the forthcoming OS release refer to the same page on Microsoft's support Web site for details on the security issue.
The WMF security problem drew an unusual response in the security world. One expert crafted his own fix for the problem, before Microsoft provided its security update. Industry experts called the WMF bug one of the most serious Windows flaws to date and recommended the third-party fix. Microsoft, meanwhile, said users were not under massive attack.
The flaw in the way WMF images are handled is not a typical security vulnerability that can be exploited by attackers, such as a buffer overflow. Instead, the WMF problem lies in a software feature being used in an unintended way, Microsoft has said.
When WMF files were designed in the late 1980s, a feature was included that allowed the image files to contain computer code that could be executed on a PC to increase usability on the slow systems of yesteryear. The graphics file format was introduced with Windows 3.0 in early 1990.
It was found that the WMF feature could be abused. A vulnerable Windows computer might have been compromised simply if the user visited a Web site that contained a malicious image file, or opened such a file in an e-mail message or an Office document.
When this security flaw came out only after a third party made their own fix and everyone else started using it, that's when microsoft sent out their fix ahead of schedule. Interesting...
EnerG2 opens a plant to make an engineered carbon that will improve performance of energy storage devices and make storage for start-stop hybrid cars less expensive.
That Apple will release a new iPad next month is seemingly becoming less of a question as much as what day it'll be. A new rumor has it down to the day.
Tommy Jordan, the man who shot his daughter's laptop for YouTube, gets a visit from police and child protection services. Oh, and Good Morning America.
As UC Berkeley students, the co-founders of "Back to the Roots" discovered they could grow mushrooms using recycled coffee grounds. Now their mushroom kit sells at grocery stores across the country.
Chamtech's spray-on antenna uses a nano material to provide a low-power boost to antenna range. The wireless-in-a-can product may some day bring an end to unsightly cell towers.
The Washington State Senate passed a bill that would charge electric car owners $100 per year to compensate for not paying gas taxes. The bill still has to pass the House.
