The flaw could allow an attacker to take control of a system with a specially crafted Windows Metafile (WMF) or Enhanced Metafile (EMF) image. Windows handles the images incorrectly, opening a backdoor in the operating system.
Security provider eEye first reported the flaw to Microsoft more than six months ago. A second vulnerability affecting only the WMF format was reported over two months ago.
Both bugs are rated critical because an attacker could exploit them by posting a maliciously crafted image on a website or sending it by email. After the system is infected, the attacker could install programs as well as view or change data.
The patch also fixes a bug in the EMF format with a 'moderate' severity rating. It crashes the application that tries to open the file, but does not open any backdoors.
The bugs affect systems running Windows 2000, XP and Server 2003. Users can update their systems through the Windows Update website.
Security issues relating to software that improperly handles image formats are not limited to Windows.
The flaws could have been used to gain control over a system through a buffer overflow attack.