All the latest UK technology news, reviews and analysis
|
|
|
04 Jan 2006
Microsoft will issue patch for a widely abused security vulnerability in the Windows operating system next Tuesday as part of its monthly cycle, the company said in an update of the security advisory about the flaw.
Attackers could use the vulnerability to take control of a computer through a specially crafted Windows Metafile (.wmf) image.
Such an image can be used on a website or sent by email or in an instant message. Security vendors have reported that attackers are actively using all these methods in an attempt to infect systems.
Security website Secunia gave the vulnerability its most severe rating of 'extremely critical'.
All versions of Windows are vulnerable, according to security provider F-Secure, but systems running Windows XP or Server 2003 are most at risk.
Microsoft has developed a patch for the security hole and is currently testing it to enable a release next week.
Although Microsoft acknowledged that the flaw is being actively exploited, the company claimed that the scope of the attacks is not widespread.
Antivirus software is blocking most of the attacks through updated signature files, allowing the security software to recognise infected files before they can cause any harm, according to Microsoft.
Russian software engineer Ilfak Guilfanov has already released an unofficial fix which F-Secure has endorsed on its company blog.
Users who choose to install Guilfanov's patch will have to uninstall it before they run next week's Microsoft patch.
Latest stories from Security
Related articles
Related jobs
Poll
What is the most important IT priority for your company this year?
Connect with V3.co.uk
This paper focuses on a series of best practices and techniques for development teams looking to improve their software development processes
Why good data management at all levels is essential in the modern business (video, 6mins)
Systems Analyst - Project Lead - Chelmsford, Essex...
Windows Systems Engineer (Windows Log File, Syslog) learn...
Role: MVC PHP Developer Location: London, Central...
Title: Senior Web Developer / Engineer (HTML, JavaScript...
Keep up to date with the latest products, services and technologies from the world's leading IT companies. IThound.com brings you over 2,000 white papers, case studies and analyst reports.
Do you agree?
Microsoft should NOT be allowed to profit from this...
You KNOW, Microsoft will use this flaw to leverage users into buying new software. They will ONLY patch Windows XP, and anyone using Windows 2000 or older, who wants their systems fixed or made more secure will be FORCED to buy WIndows XP. In alot of cases this will force people to have to buy new hardware. So far Microsoft has seen surges in sales of Windows XP for every flaw and exploit that has come out. THIS IS VERY WRONG! Microsoft should not be rewarded for poor programming. What's to stop them from deliberately creating flaws and vulnerabilities to increase sales? The LAW needs to step in and FORCE Microsoft to patch "EVERY" version of Windows that is affected by this flaw... AT NO COST TO THE USER.
Posted by: SmartITGuy 04 Jan 2006