The flaw could allow an attacker to take control of a system with a specially crafted Windows Metafile (WMF) or Enhanced Metafile (EMF) image. Windows handles the images incorrectly, opening a backdoor in the operating system.
Security provider eEye first reported the flaw to Microsoft more than six months ago. A second vulnerability affecting only the WMF format was reported over two months ago.
Both bugs are rated critical because an attacker could exploit them by posting a maliciously crafted image on a website or sending it by email. After the system is infected, the attacker could install programs as well as view or change data.
The patch also fixes a bug in the EMF format with a 'moderate' severity rating. It causes a crash of the application that is trying to open the file, but does not open any backdoors.
The bugs affect systems running Windows 2000, XP and Server 2003. Users can update their systems through the Windows Update website.
Security issues relating to software that improperly handles image formats are not limited to Windows.
The flaws could have been used to gain control over a system through a buffer overflow attack.