Microsoft pushes out critical patches


Microsoft pushes out critical patches

Tash Shifrin

Microsoft has warned of critical security flaws in the way its Windows operating system handles certain graphics files.

The software giant warned that two of the three bugs could be exploited by hackers to take control of an affected system. The third could lead to a denial of service.

The bugs were found in Windows’ Graphics Rendering Engine and in two file formats – Windows Metafile and Enhanced Metafile. A Microsoft security bulletin warns, “A remote code execution vulnerability exists in the rendering of Windows Metafile (WMF) and Enhanced Metafile (EMF) image formats that could allow remote code execution on an affected system.

“Any program that renders WMF or EMF images on the affected systems could be vulnerable to this attack.”

It adds, “An attacker could try to exploit this vulnerability through malicious web sites or through email over the internet.”

Hackers who were able to log on locally could run a specially designed program to exploit the vulnerability, “and thereby gain complete control over the affected system”, the bulletin warns.

The denial of service vulnerability was found in the rendering of the Enhanced Metafile (EMF) image format, it says.

Microsoft has released a series of patches for different versions of Windows. Windows 98, Windows 98 Second Edition and Windows Millennium Edition are not affected.

Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy