I.T. Vibe
Latest Business Communications Gaming General Security Technology Virus  
   Member Services
Login
Register
   General Services
Contact Us
Merchandise
Toolbar
RSS Feeds
Other Formats
   Site Search
 
Advanced Search
   News Alerts
Enter your email address to receive news alerts
 
View Privacy Policy
Unsubscribe
   Information
Latest Virus Alerts
Internet Threat Level
Internet Traffic Report
   Opinion Poll
Macs - Love Them or Hate Them? Place your votes now.
Love 'em
Hate 'em
Indifferent
Reader Comments: 0
View All Polls
New critical flaw being exploited in Windows
Monday, January 02, 2006 at 18:14 by Rich Kavanagh
Microsoft is investigating new public reports of another serious vulnerability that is affecting all versions of Microsoft Windows.

Microsoft is also aware of the public release of detailed exploit code that could be used to exploit this vulnerability.

Based on their investigation, the exploit code could allow an attacker to execute arbitrary code on the user's system by hosting a specially crafted Windows Metafile (WMF) image on a malicious web site. Microsoft is aware that this vulnerability is being actively exploited.

Microsoft has determined that an attacker using this exploit would have no way to force users to visit a malicious web site. Instead, an attacker would have to persuade them to visit the web site, typically by getting them to click a link that takes them to the attacker's web site. In an e-mail based attack, customers would have to be persuaded to click on a link within a malicious e-mail or open an attachment that exploited the vulnerability. In both the web and email based attacks, the code would execute in the security context of the logged-on user

Microsoft are continuing to investigate these reports and customers are encouraged to keep their anti-virus software up to date.

At this moment, there is no patch or fix available to Windows users.

UPDATE: AlertCon increased to Level 2
 
Contact Rich Kavanagh, the author of this article View a printer friendly version of this article Email this article to a friend RSS Feeds
Comment # 1 on 02 January 2006 at 19:11 by Anonymous
Thre is a fix..at least a patch... http://www.hexblog.com/2005/12/wmf_vuln.html
Comment # 2 on 03 January 2006 at 03:28 by Anonymous
regsvr32 -u %windir%\system32\shimgvw.dll
Your Verification Number:

Please enter your Verification Number:

Recent Articles In Security:
Child Database Launch Delayed
Best Western changed their story on missing customer details
One Million Bank Customer Details On eBay For £35!
When A Windows Fix Causes More Problems
Net Devils Hit ICANN And IANA
 
Other Recent Articles:
A third of people do not have Internet access
Internet Explorer gets a revamp
A Virus in Outer Space
TV advert for Apple iPhone is banned
Salford University And The £110,000 Email!
 

 © 2008 I.T. Vibe - All Rights Reserved - All Trademarks Recognised - Privacy Policy - Terms & Conditions