Jump to content

Microsoft Windows Metafile Vulnerability


cdnvic

Recommended Posts

US-CERT National Cyber Alert System

TA06-005A-Update for Microsoft Windows Metafile Vulnerability

Original release date: January 5, 2006

Last revised: --

Source: US-CERT

Systems Affected

* Systems running Microsoft Windows

Overview

Microsoft Security Bulletin MS06-001 contains an update to fix a vulnerability in the way Microsoft Windows handles images in the Windows Metafile (WMF) format.

I. Description

TA05-362A describes a vulnerability in the way Microsoft Windows handles Windows Metafile images. This vulnerability could allow a remote attacker to execute arbitrary code. Microsoft Security Bulletin MS06-001 contains an update to fix this vulnerability.

The vulnerability is described in further detail in VU#181038.

II. Impact

A remote, unauthenticated attacker may be able to execute arbitrary code if the user is persuaded to view a specially crafted Windows Metafile.

III. Solution

Apply a patch from your vendor

Install the appropriate update according to Microsoft Security Bulletin MS06-001.

Appendix A. References

* Microsoft Security Bulletin MS06-001 - <http://www.microsoft.com/technet/security/Bulletin/MS06-001.mspx>

* US-CERT Vulnerability Note VU#181038 - <http://www.kb.cert.org/vuls/id/181038>

* US-CERT Technical Cyber Security Alert TA05-362A - <http://www.us-cert.gov/cas/techalerts/TA05-362A.html>

Feedback can be directed to US-CERT.

Produced 2006 by US-CERT, a government organization. Terms of use

Revision History

January 5, 2006: Initial release

Link to comment
Share on other sites

MICROSOFT has stepped outside its "patch Tuesday" regime to release a fix for a critical Windows flaw that left systems dating back to Windows 98 vulnerable.

The flaw in the Windows Meta File (WMF) system architecture could allow a hacker to take control of a system via a malicious website or email attachment. It was discovered late last month and Microsoft had subsequently been scrambling to provide a fix.

The company originally said it would have a patch available in time for its regular "patch Tuesday" distribution on January 10. But testing had been completed early and the patch released publicly, the company said on its website.

"Microsoft is releasing the update early in response to strong customer sentiment that the release should be made available as soon as possible," Microsoft said.

Microsoft Australia chief security advisor Peter Watson said there had been no evidence of a successful exploitation of the flaw among either enterprise or consumer customers in Australia.

However, exploits that attack the vulnerability have been released.

"Microsoft?s monitoring of attack data continues to indicate that the attacks are limited and are being mitigated both by Microsoft?s efforts to shut down malicious web sites and by up-to-date signatures from anti-virus companies," Microsoft said.

"Users should take care not to visit unfamiliar or untrusted web sites that could potentially host the malicious code," Microsoft said.

Microsoft earlier withdrew a previous version of the patch released inadvertently

Source: http://australianit.news.com.au/articles/0...Enbv%5E,00.html

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.



×
×
  • Create New...