Post by kas on Jan 4, 2011 20:49:23 GMT -5
Microsoft Warns of Image Problem
krebsonsecurity.com/2011/01/microsoft-warns-of-image-problem/
Microsoft today warned Windows users about a previously unknown security vulnerability that could allow attackers to install malicious software simply by getting users to view a malicious image in a Web browser or document.
Microsoft said in a security advisory that the problem stems from a bug in the Windows Graphics Rendering Engine on Vista, Server 2003, and Windows XP. The software giant said that it is working on a patch for the flaw, but that it isn’t aware of any active attacks exploiting the security hole…yet.
According to the CVE listing cited in the advisory, the vulnerability was discovered by a pair of security researchers who presented their findings at a security conference in Korea late last year.
Microsoft released a record number of security updates last year, and at the rate that new Windows flaws are being discovered and disclosed, the company is likely to set new records again in 2011. Over the weekend, security researcher Michael Zalewski, a Google employee, released details about a previously unreported flaw in Internet Explorer. Zalewski said he released the information after learning that details of the flaw had accidentally been indexed by Google’s search bots, and subsequently downloaded by someone using a Chinese Internet address.
Patch Tuesday is next week, and it will be interesting to see whether Microsoft addresses another outstanding vulnerability in IE: Two days before Christmas, Microsoft warned that hackers were likely to begin exploiting a flaw present in all versions of IE, using a widely publicized method of attack that evades two of the key security defenses built in Windows 7 and Windows Vista.
krebsonsecurity.com/2011/01/microsoft-warns-of-image-problem/
Microsoft today warned Windows users about a previously unknown security vulnerability that could allow attackers to install malicious software simply by getting users to view a malicious image in a Web browser or document.
Microsoft said in a security advisory that the problem stems from a bug in the Windows Graphics Rendering Engine on Vista, Server 2003, and Windows XP. The software giant said that it is working on a patch for the flaw, but that it isn’t aware of any active attacks exploiting the security hole…yet.
According to the CVE listing cited in the advisory, the vulnerability was discovered by a pair of security researchers who presented their findings at a security conference in Korea late last year.
Microsoft released a record number of security updates last year, and at the rate that new Windows flaws are being discovered and disclosed, the company is likely to set new records again in 2011. Over the weekend, security researcher Michael Zalewski, a Google employee, released details about a previously unreported flaw in Internet Explorer. Zalewski said he released the information after learning that details of the flaw had accidentally been indexed by Google’s search bots, and subsequently downloaded by someone using a Chinese Internet address.
Patch Tuesday is next week, and it will be interesting to see whether Microsoft addresses another outstanding vulnerability in IE: Two days before Christmas, Microsoft warned that hackers were likely to begin exploiting a flaw present in all versions of IE, using a widely publicized method of attack that evades two of the key security defenses built in Windows 7 and Windows Vista.