Jump to content

Two new Windows bugs found


Recommended Posts

Two new Windows bugs found

By Robert McMillan, IDG News Service

10 January 2006

Two new flaws have been found in Windows, just days after Microsoft rushed out a patch covering the same part of the operating system.

A hacker going by the name "cocoruder" has posted details on the unpatched holes to the Bugtraq mailing list. They affect the same graphics rendering engine as the earlier WMF flaw - a hole so serious that security experts recommended people install a third-party patch rather than wait for Microsoft to produce its own.

However, the vulnerabilities are far less serious than the previous flaw in the Windows Metafile format, say security experts.

While the patched flaw was being exploited by attackers to take control of Windows machines, the latest vulnerabilities appear to pose the risk of simply crashing the WMF-viewing software, typically Internet Explorer. However, users would first need to trick a victim into viewing a specially crafted WMF image in order for this to happen, security experts say.

The vulnerabilities can be found in a number of versions of Windows, including Windows XP, Service Pack 2, Windows Server 2003, Service Pack 1, and Windows 2000, Service Pack 4.

Because of the inherent complexity of image formats, there are plenty of opportunities for attackers to find bugs similar to the two that were revealed Monday, said Russ Cooper, security analyst at Cybertrust.

But the new WMF vulnerabilities are not a major cause of concern, he said. "New malformed images that simply crash things aren't really that important unless they can be shown to cause code to execute," Cooper advised. "This is only getting any attention because its WMF and Microsoft just released a WMF patch."

Microsoft refused to comment on the new flaws.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Create New...