A hacker has released details of two further security flaws in the way Microsoft Windows handles Windows metafile images on the internet.
The discovery comes just days after Microsoft was forced to issue a patch against a critical Windows metafile (WMF) flaw in Windows, which allowed remote attackers to execute arbitrary code on users’ infected PCs.
The latest flaws were posted on the Bugtraq security mailing list by a hacker going by the name of “cocoruder”.
However, internet security researchers said the latest WMF flaws in Windows weren’t as important as the one Microsoft just patched against, as they did not allow a remote attacker to execute code. They can simply lead to applications crashing, including the user’s browser.
Yet the discovery of further graphics flaws in its Windows engine must worry Microsoft, which was forced to repair WMF flaws in Windows only last November.
Microsoft is expected to look at the latest reported WMF flaws and consider whether to fix them. So far it has made no comment on the new bugs.