WINDOWS VULNERABILITY ALERT (12-28-2005)
This is one of my *really* serious post (just ignore the teeny bopping Bill above) and I'll be sending out a heads-up to all my fellow network administrators on this same issue.
A new Windows vulnerability has been discovered by SecurityFocus.Com and this so far affects *ALL* Windows-based machines that have access to the internet. According to SecurityFocus:
Microsoft Windows WMF graphics rendering engine is affected by a remote code execution vulnerability.
The problem presents itself when a user views a malicious WMF formatted file, triggering the vulnerability when the engine attempts to parse the file.
The issue may be exploited remotely or by a local attacker. Any code execution that occurs will be with SYSTEM privileges due to the nature of the affected engine.
Microsoft Windows XP is considered to be vulnerable at the moment. It is likely that other Windows operating systems are affected as well.
The problem presents itself when a user views a malicious WMF formatted file, triggering the vulnerability when the engine attempts to parse the file.
The issue may be exploited remotely or by a local attacker. Any code execution that occurs will be with SYSTEM privileges due to the nature of the affected engine.
Microsoft Windows XP is considered to be vulnerable at the moment. It is likely that other Windows operating systems are affected as well.
I'm not a person who spreads unfounded FUD (Fear, Uncertainty, Doubt) but further reading of the SecurityFocus site shows that there are no patches available to counteract this vulnerability as of this writing (12-29-2005).
1868006032093581472
No comments:
Post a Comment