| ActiveMac | Anonymous | Create a User | Reviews | News | Forums | Advertise |
|
|
|
User Controls |
|
New User |
|
Login |
|
Edit/View My Profile |
|
|
|
|
|
|
|
ActiveMac |
|
Articles |
|
Forums |
|
Links |
|
News |
|
News Search |
|
Reviews |
|
|
|
|
|
|
|
News Centers |
|
Windows/Microsoft |
|
DVD |
|
ActiveHardware |
|
Xbox |
|
MaINTosh |
|
News Search |
|
|
|
|
|
|
|
ANet Chats |
|
The Lobby |
|
Special Events Room |
|
Developer's Lounge |
|
XBox Chat |
|
|
|
|
|
|
|
FAQ's |
|
Windows 98/98 SE |
|
Windows 2000 |
|
Windows Me |
|
Windows "Whistler" XP |
|
Windows CE |
|
Internet Explorer 6 |
|
Internet Explorer 5 |
|
Xbox |
|
DirectX |
|
DVD's |
|
|
|
|
|
|
|
TopTechTips |
|
Registry Tips |
|
Windows 95/98 |
|
Windows 2000 |
|
Internet Explorer 4 |
|
Internet Explorer 5 |
|
Windows NT Tips |
|
Program Tips |
|
Easter Eggs |
|
Hardware |
|
DVD |
|
|
|
|
|
|
|
Latest Reviews |
|
Applications |
|
Microsoft Windows XP Professional |
|
Norton SystemWorks 2002 |
|
|
|
Hardware |
|
Intel Personal Audio Player 3000 |
|
Microsoft Wireless IntelliMouse Explorer |
|
|
|
|
|
|
|
Site News/Info |
|
About This Site |
|
Affiliates |
|
ANet Forums |
|
Contact Us |
|
Default Home Page |
|
Link To Us |
|
Links |
|
Member Pages |
|
Site Search |
|
Awards |
|
|
|
|
|
|
|
Credits |
 |
Microsoft Security Advisory (912840): Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution. | |
|
||
| Time: 13:40 EST/18:40 GMT | News Source: ActiveWin.com | Posted By: Robert Stein | ||
|
Microsoft is investigating new public reports of a possible vulnerability in Windows. Microsoft will continue to investigate the public reports to help provide additional guidance for customers. Microsoft is aware of the public release of detailed exploit code that could allow an attacker to execute arbitrary code in the security context of the logged-on user, when such user is visiting a Web site that contains a specially crafted Windows Metafile (WMF) image. An attacker would have no way to force users to visit a malicious Web site. Instead, an attacker would have to persuade them to visit the Web site, typically by getting them to click a link that takes them to the attacker's Web site. Customers are encouraged to keep their antivirus software up to date. The Microsoft Windows AntiSpyware (Beta) can also help protect your system from spyware and other potentially unwanted software. We will continue to investigate these public reports. Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This will include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs. | ||
|
Write Comment
Return to News |
Displaying 1 through 25 of 307 Last | Next |
The time now is
5:20:36 PM
ET.
Any comment problems? E-mail us |
| #1 By 15406 (24.43.125.29) at 12/30/2005 8:32:38 AM |
|
Nice. I'm sure MS will have a patch out any week now.
|
| #2 By 8556 (12.207.222.149) at 12/30/2005 9:20:22 AM |
| I'm not very concerned by any newly discovered XP vulnerabilites as long as proper patches are released on a timely basis. However, I am paying attention to Windows Vista development to learn what level of exposure it will likely have when released, so I can train customers in its use. Beta 2 appears to be quite a nice upgrade from XP security-wise. |
| #3 By 2459 (24.175.137.193) at 12/30/2005 6:11:10 PM |
|
Any vulnerabilities that apply to XP/Server 2003 will also be patched in Vista if applicable. In many cases, the beta OS gets patches first, then the patches are ported downlevel.
Beta 2 won't be available until next year. The Beta 2 references in the December (and previous) CTP are just in preperation for the actual Beta 2 release. |
| #4 By 32132 (142.32.208.231) at 12/30/2005 8:00:35 PM |
|
If you have a chip that supports hardware DEP (Athlon 64 and some later Intel chips), make sure it is turned all the way on.
http://www.microsoft.com/technet/security/prodtech/windowsxp/depcnfxp.mspx#EFAA "Turn on DEP for all programs and services except for those I select" Thw WMF exploit is stopped dead by hardware DEP if it is turned on for all programs, http://www.pcdoctor-guide.com/wordpress/?p=2042 Hardware DEP in XP SP2 and Windows 2003 SP1 is a very good thing. Oh, some applications don't like hardware DEP and you can add them to the exclusion list. |
| #5 By 12071 (203.206.243.239) at 12/30/2005 10:01:12 PM |
|
#4 "Oh, some applications don't like hardware DEP and you can add them to the exclusion list."
Won't that still make you vulnerable to this WMF exploit through every single program on your exclusion list? Not that you shouldn't have DEP turned on, but more to the point that you still need a patch. |
|
Write Comment
Return to News |
Displaying 1 through 25 of 307 Last | Next |
The time now is
5:20:36 PM
ET.
Any comment problems? E-mail us |
