|
Latest Windows Metafile Flaw May Not Receive Patch Until Jan. 10 |
|
|
|
Written by Wire Services
|
|
Tuesday, 03 January 2006 |
The newly discovered vulnerability in Microsoft's Windows operating system may not receive an official patch release until at least January 10. Last week it was revealed that a serious new flaw was discovered which allows hackers to insert malicious computer programs into image files known as Windows metafiles or WMFs.
Any Windows user can be infected by opening a web site with an image file containing the WMF exploit. Most attacks require unsuspecting victims to download or execute an infected file but this latest vulnerability requires that a user merely view a web page, email or instant message, all of which may contain contaminated images.
Internet Explorer (IE) users are at the greatest risk of automatic infection while Firefox and Opera browser users are prompted with a question whether they’d like to open the WMF image or not. They get infected too if they answer ‘Yes’, according to a report on the Financial Times (FT) website.
Computer security experts say that the flaw has the potential of placing hundreds of millions of PC users at risk of infection by spyware or viruses. Mikko Hyppönen, chief research officer at the anti-virus company, F-Secure said, "The potential [security threat] is huge. It's probably bigger than for any other vulnerability we've seen. Any version of Windows used by any company in the world is vulnerable right now."
Microsoft has issued bulletins confirming the WMF vulnerability but as of January 2 has not issued a patch. Microsoft also confirmed that the vulnerability applies to all the main versions of Windows shipped since 1990: Windows ME, Windows 2000, Windows XP and Windows 2003. |
