Users should install the latest patch Tuesday update from Microsoft immediately to protect against holes in the...
operating system that could enable a hacker to take control of their PC.
Three of the patches require users to restart their PCs.
"This month's critical vulnerability affects the Windows kernel and can allow an attacker to gain complete control of a user's machine simply by the user viewing a website infected with a malicious .WMF or .EMF picture file," said Alfred Huger, vice-president, development, at Symantec Security Response. "It would also be possible for a user to fall victim to this vulnerability by opening an HTML e-mail or an e-mail attachment containing the same type of malicious files.
"What's more is that it is possible for an attacker to disguise .WMF and .EMF files as other common picture file types, such as a .JPG, in order to fool users who are exercising greater caution around viewing lesser known file types."
Software compatibly testing firm ChangeBase has tested this month's patch and found that it should not cause application compatibility issues. In a report on the patch, the company recommended that the patches are rapidly deployed to a staging environment and then subsequently into production.
"The ChangeBase AOK team recommends that with all changes to an environment basic user acceptance testing testing is performed on all business critical applications. However, for these three March Microsoft Security updates, only marginal build level testing should be required."