Two new Windows bugs found

[ROM-DOS]

Two new Windows bugs found

By Robert McMillan, IDG News Service

10 January 2006

Two new flaws have been found in Windows, just days after Microsoft rushed out a patch covering the same part of the operating system.

A hacker going by the name "cocoruder" has posted details on the unpatched holes to the Bugtraq mailing list. They affect the same graphics rendering engine as the earlier WMF flaw - a hole so serious that security experts recommended people install a third-party patch rather than wait for Microsoft to produce its own.

However, the vulnerabilities are far less serious than the previous flaw in the Windows Metafile format, say security experts.

While the patched flaw was being exploited by attackers to take control of Windows machines, the latest vulnerabilities appear to pose the risk of simply crashing the WMF-viewing software, typically Internet Explorer. However, users would first need to trick a victim into viewing a specially crafted WMF image in order for this to happen, security experts say.

The vulnerabilities can be found in a number of versions of Windows, including Windows XP, Service Pack 2, Windows Server 2003, Service Pack 1, and Windows 2000, Service Pack 4.

Because of the inherent complexity of image formats, there are plenty of opportunities for attackers to find bugs similar to the two that were revealed Monday, said Russ Cooper, security analyst at Cybertrust.

But the new WMF vulnerabilities are not a major cause of concern, he said. "New malformed images that simply crash things aren't really that important unless they can be shown to cause code to execute," Cooper advised. "This is only getting any attention because its WMF and Microsoft just released a WMF patch."

Microsoft refused to comment on the new flaws.