MS Windows Image Problem, Round 2?
Just four days after Microsoft Corp. issued a patch to fix a critical flaw in the way Windows processes certain image files, security researchers say they may have uncovered at least two other similar vulnerabilities in the operating system.
According to a post on SecurityFocus's Bugtraq vulnerabilities list, the problem resides in the way the Windows "graphics rendering engine" handles certain image files ending in ".WMF," the same file format addressed by the first Windows patch of 2006.
Unlike that flaw, however, these latest discoveries don't appear to come complete with exploit code showing would-be attackers how to exploit the vulnerabilities. Hopefully, things will stay that way until Redmond has a chance to address this. A Microsoft spokesperson said the company is investigating the report.
Just a reminder: Microsoft is expected to issue at least two critical updates tomorrow afternoon. As always, Security Fix will bring you the skinny on those patches as soon as possible.
Update, 2:31 p.m. ET:Okay, maybe I spoke too soon. It looks like proof-of-concept exploit code has in fact now been released for this set of vulnerabilities. So far, it looks like this exploit would merely allow attackers to conduct a "denial-of-service (DoS)" assault on vulnerable machines -- not drop nasty little programs on them. Still, in many cases where a DoS attack is possible, smart attackers can very often figure out a way to expand that type of vulnerability into one that allows remote code execution. Stay tuned.
Update, 8:45 p.m. ET:Microsoft security program manager Stephen Toulouse has posted a bit of information about this problem on the company's Security Response blog. Toulouse says that while the report on Bugtraq indicates the vulnerability could be used to crash parts of the operating system (namely Internet Explorer), "as it turns out, these crashes are not exploitable but are instead Windows performance issues that could cause some WMF applications to unexpectedly exit."
Not sure I see the distinction between a program that "crashes" and one that "unexpectedly exits." Anyway, Toulouse goes on to say: "These issues do not allow an attacker to run code or crash the operating system. They may cause the WMF application to crash, in which case the user may restart the application and resume activity. We had previously identified these issues as part of our ongoing code maintenance and are evaluating them for inclusion in the next service pack for the affected products."
Posted by: Kenneth Fretz | January 10, 2006 11:03 AM | Report abuse
Posted by: firstname.lastname@example.org | January 10, 2006 11:23 AM | Report abuse
Posted by: Why cry now | January 10, 2006 12:36 PM | Report abuse
Posted by: Anonymous | January 10, 2006 1:07 PM | Report abuse
Posted by: Bk | January 10, 2006 1:31 PM | Report abuse
Posted by: Rem | January 10, 2006 2:58 PM | Report abuse
Posted by: Bk | January 10, 2006 3:09 PM | Report abuse
Posted by: Matt | January 10, 2006 5:34 PM | Report abuse
Posted by: John | January 11, 2006 10:34 AM | Report abuse
Posted by: Chris Scanlon | January 25, 2006 3:40 AM | Report abuse
The comments to this entry are closed.