Users should install the latest
patch Tuesday update from Microsoft immediately to protect
against holes in the operating system that could enable a hacker to
take control of their PC.
Three of the patches require users to restart their PCs.
"This month's critical vulnerability affects the Windows kernel
and can allow an attacker to gain complete control of a user's
machine simply by the user viewing a website infected with a
malicious .WMF or .EMF picture file," said Alfred Huger,
vice-president, development, at Symantec Security Response. "It
would also be possible for a user to fall victim to this
vulnerability by opening an HTML e-mail or an e-mail attachment
containing the same type of malicious files.
"What's more is that it is possible for an attacker to disguise
.WMF and .EMF files as other common picture file types, such as a
.JPG, in order to fool users who are exercising greater caution
around viewing lesser known file types."
Software compatibly testing firm ChangeBase has tested this
month's patch and found that it should not cause application
compatibility issues. In a
report on the patch, the company recommended that the patches
are rapidly deployed to a staging environment and then subsequently
into production.
"The ChangeBase AOK team recommends that with all changes to an
environment basic user acceptance testing testing is performed on
all business critical applications. However, for these three March
Microsoft Security updates, only marginal build level testing
should be required."