Network News

X My Profile
View More Activity

MS Windows Image Problem, Round 2?

Just four days after Microsoft Corp. issued a patch to fix a critical flaw in the way Windows processes certain image files, security researchers say they may have uncovered at least two other similar vulnerabilities in the operating system.

According to a post on SecurityFocus's Bugtraq vulnerabilities list, the problem resides in the way the Windows "graphics rendering engine" handles certain image files ending in ".WMF," the same file format addressed by the first Windows patch of 2006.

Unlike that flaw, however, these latest discoveries don't appear to come complete with exploit code showing would-be attackers how to exploit the vulnerabilities. Hopefully, things will stay that way until Redmond has a chance to address this. A Microsoft spokesperson said the company is investigating the report.

Just a reminder: Microsoft is expected to issue at least two critical updates tomorrow afternoon. As always, Security Fix will bring you the skinny on those patches as soon as possible.

Update, 2:31 p.m. ET:Okay, maybe I spoke too soon. It looks like proof-of-concept exploit code has in fact now been released for this set of vulnerabilities. So far, it looks like this exploit would merely allow attackers to conduct a "denial-of-service (DoS)" assault on vulnerable machines -- not drop nasty little programs on them. Still, in many cases where a DoS attack is possible, smart attackers can very often figure out a way to expand that type of vulnerability into one that allows remote code execution. Stay tuned.

Update, 8:45 p.m. ET:Microsoft security program manager Stephen Toulouse has posted a bit of information about this problem on the company's Security Response blog. Toulouse says that while the report on Bugtraq indicates the vulnerability could be used to crash parts of the operating system (namely Internet Explorer), "as it turns out, these crashes are not exploitable but are instead Windows performance issues that could cause some WMF applications to unexpectedly exit."

Not sure I see the distinction between a program that "crashes" and one that "unexpectedly exits." Anyway, Toulouse goes on to say: "These issues do not allow an attacker to run code or crash the operating system. They may cause the WMF application to crash, in which case the user may restart the application and resume activity. We had previously identified these issues as part of our ongoing code maintenance and are evaluating them for inclusion in the next service pack for the affected products."

By Brian Krebs  |  January 9, 2006; 1:49 PM ET
Categories:  Latest Warnings  
Save & Share:  Send E-mail   Facebook   Twitter   Digg   Yahoo Buzz   StumbleUpon   Technorati   Google Buzz   Previous: Microsoft to Fix Windows Flaw Today
Next: Clam Antivirus Vulnerability


What everyone needs to keep in mind about the bugs and security breaches in Windows is that with the huge number of people who are attacking the OS because they can't stand Microsoft, it is far and away the most thoroughly tested system around.

Posted by: Kenneth Fretz | January 10, 2006 11:03 AM | Report abuse

microsoft always comes thru with a fix at the right time and tells us how to use the fix, brian where would we be without this teem?

Posted by: | January 10, 2006 11:23 AM | Report abuse

Since no one cried when Windows 2.0 had this same logic, why cry now. All I see is that a feature for limited memory is no mote due to the advances in hardware.

Posted by: Why cry now | January 10, 2006 12:36 PM | Report abuse

Small correction: That post was from Lennart Wistrand of the MSRC, not Stephen Toulouse.

Posted by: Anonymous | January 10, 2006 1:07 PM | Report abuse

To the anonymous person who posted that last comment about the author of the MSRC Blog: A thousand pardons. But the blog entry says the author was one "Steptoe," which as anyone who deals with the MSRC on a regular basis knows - is the nickname for Stephen Toulouse. Now, maybe everyone who posts to that blog just uses Stephen's login, but I could hardly be faulted for thinking those were his words.

Posted by: Bk | January 10, 2006 1:31 PM | Report abuse

I think I gt hit with this bit of malware and then tried to clean up the mess. Only problem is that now Microsoft Image is totally gone. Any suggestions as to how I can get it back?

Posted by: Rem | January 10, 2006 2:58 PM | Report abuse

Rem - try these instructions, which are from an earlier blog post a few posts down the screen on the blog front - to re-enable the image/fax viewer in Windows:

* Click Start, click Run, type "regsvr32 %windir%\system32\shimgvw.dll" (without the quotation marks, and then click OK.
* A dialog box appears to confirm that the un-registration process has succeeded. Click OK to close the dialog box.

Posted by: Bk | January 10, 2006 3:09 PM | Report abuse

Hey Brian, I'm the anonymous one (forgot to fill the name file).

I didn't mean to ruffle your feathers. Yes, Steve is the head of the MSRC, but many members of the MSRC make posts to the blog.

I only pointed it out because Lennart notes that he is the one making the posting in the first line of the post. Just trying to make sure my colleagues are attributed appropriately, that's all.

Posted by: Matt | January 10, 2006 5:34 PM | Report abuse

I don't know if this is the right place for this but I can't find any info on a virus that has taken over my sister's computer, it is called w32\Parite.B any info on how to deal with it would be appreciated. Thanks and keep up the good work.

Posted by: John | January 11, 2006 10:34 AM | Report abuse

I totally agree with what you're saying. I wish more people felt this way and took the time to express themselves. Keep up the great work.

Chris Scanlon

Posted by: Chris Scanlon | January 25, 2006 3:40 AM | Report abuse

The comments to this entry are closed.

RSS Feed
Subscribe to The Post

© 2010 The Washington Post Company