
By Joris Evers
Posted on ZDNet News: Jan 17, 2006 8:20:00 PM

A security update for preview releases of Windows Vista fixes the same image-rendering vulnerability found in earlier versions of the operating system.

Microsoft on Friday released what's believed to be the first security patch for Windows Vista, the next version of its flagship operating system. Updates are available for Windows Vista beta 1, released in July, and last month's Community Technology Preview release. The final version of Windows Vista is due by year's end.

The patch fixes a vulnerability in the way the operating system's Graphics Rendering Engine processes Windows Meta File images. That bug was first discovered late last month as it was being exploited by cybercriminals to load spyware, adware and other malicious code onto the PCs of unwitting Windows users.

Microsoft earlier this month broke its monthly patching cycle to rush out a "critical" fix for Windows XP, Windows Server 2003 and Windows 2000. Vista is not listed in Microsoft's security bulletin as vulnerable, but the updates for the forthcoming OS release refer to the same page on Microsoft's support Web site for details on the security issue.

The WMF security problem drew an unusual response in the security world. One expert crafted his own fix for the problem, before Microsoft provided its security update. Industry experts called the WMF bug one of the most serious Windows flaws to date and recommended the third-party fix. Microsoft, meanwhile, said users were not under massive attack.

The flaw in the way WMF images are handled is not a typical exploitable security vulnerability, such as a buffer overflow. Instead, the WMF problem lies in a software feature being used in an unintended way, Microsoft has said.

When WMF files were designed in the late 1980s, a feature was included that allowed the image files to contain computer code that could be executed on a PC to increase usability on the slow systems of yesteryear. The graphics file format was introduced with Windows 3.0 in early 1990.

It was found that the WMF feature could be abused. A vulnerable Windows computer could be compromised simply by the user visiting a Web site that contained a malicious image file, or opening such a file in an e-mail message or an Office document.

