Microsoft Issues Bulletin For New Flaw
John Stith Staff Writer
2005-12-29
Microsoft released a security bulletin on Wednesday night regarding the zero-day security vulnerability in Windows XP and some of the 2003 server operating systems. The problem affects the Graphics Rendering Engine in Windows and is creating havoc as reports come in of over 50 variants of the exploit code.
The Microsoft bulletin said this:
Microsoft is aware of the public release of detailed exploit code that could allow an attacker to execute arbitrary code in the security context of the logged-on user, when such user is visiting a Web site that contains a specially crafted Windows Metafile (WMF) image. An attacker would have no way to force users to visit a malicious Web site. Instead, an attacker would have to persuade them to visit the Web site, typically by getting them to click a link that takes them to the attacker's Web site.
Other information continues to appear as Microsoft researches the flaw. Keep in mind that this flaw has multiple avenues of attack, including email. If a user visits a site hosting one of the malicious images, the damage is done: the user gets hit automatically. Microsoft and other security software companies recommend keeping antivirus software current in order to maximize protection. Microsoft hasn't developed a patch for this vulnerability yet.
Sunbelt chief Alex Eckelberry mentioned some workarounds for the problem on his blog. One is unregistering SHIMGVW.DLL. Eckelberry suggests this is the best answer, at least initially, until the appropriate antivirus definitions are updated. He emphasized that this is a preventative measure: if the system is already infected, it won't work.
Microsoft has certainly had problems with its software, but this may be the worst in quite a while. The large number of variants and the ease with which the exploit can be transferred make the vulnerability extremely critical. With any luck, Microsoft will have the fix soon. Until then, be careful about the sites you visit and the email you open.
About the Author:
John is a staff writer for SecurityProNews covering cyber security.