All the latest UK technology news, reviews and analysis
|
|
|
29 Dec 2005
Microsoft has issued a security advisory warning about an unpatched security hole in Windows that is actively being exploited by online criminals.
Attackers are using a flaw in the way that Windows handles the .wmf (Windows Metafile) graphic file format. A specially crafted .wmf image placed on a website or sent through a spam email could allow the criminal to execute code on a user's system.
The arbitrary code execution lets the attacker install spyware or recruit a system for a zombie network, a collection of computers used for online crimes including sending spam or launching distributed denial of service attacks.
Microsoft urged users to update their antivirus software, and said that it is investigating the issue.
A patch is being developed which will be released either through Microsoft's monthly patch cycle on the second Tuesday of the month or as an out-of-cycle security update.
Security firm Secunia gave the vulnerability its highest severity ranking of 'extremely critical'.
Security firm F-Secure said on its blog that it has seen at least three different computer worms that exploit the security hole. The company refers to the worms as W32/PFV-Exploit.A, .B and .C. The threats are being spread by spam email messages and through several websites.
Users of Microsoft's Internet Explorer are automatically infected when they visit a webpage hosting an infected image. Firefox will first ask the user before opening the file. If the user approves, the PC will be infected.
The US Computer Emergency Readiness Team described several workarounds on its website that will mitigate but not eliminate the risk until Microsoft releases a patch.
The workaround includes avoiding .wmf files from untrusted sources and resetting the file association, or opening the files with an application other than Windows Picture and Fax Viewer.
Latest stories from Security
Related articles
Related jobs
Poll
What is the most important IT priority for your company this year?
Sneak peek at the forthcoming glass-based machine
Connect with V3.co.uk
This paper focuses on a series of best practices and techniques for development teams looking to improve their software development processes
Why good data management at all levels is essential in the modern business (video, 6mins)
Systems Analysis Project Lead - UML, Agile, Waterfall...
IT Business Analyst - ISEB, PRINCE2 - Southampton, Hampshire...
Predictive Modelling analytics - (SAS) - South-East...
iOs Developer - JEE, cocoa, Objective-C - Midlands (potential...
Keep up to date with the latest products, services and technologies from the world's leading IT companies. IThound.com brings you over 2,000 white papers, case studies and analyst reports.
Do you agree?
Microsoft Does it again
Thank god. Without Microsoft and all of the issues, I wouldn't be making the kind of money I do. Quit your bitchin about Microsoft and it's problems and benefit from them - dumbass.
Posted by: Glen Carter 05 Jan 2006
True to form
Microsoft does it again, More security holes. No doubt the new opperating system will be just as bad, if you want my advice, Switch.
Posted by: Tom Chandler 31 Dec 2005
Video of a machine being infected
It's annoying how these folks try to exploit people. To see what I mean, check out the video link from my blog: http://geekswithblogs/lorint
Posted by: Lorin Thwaits 29 Dec 2005