Microsoft November 2005 patch day



That most wonderful day of the month has come when we get an idea of what vulnerabilities we may see exploited…. Seriously, if you run Windows, go to windowsupdate.microsoft.com or ensure you have automatic updates if at all possible. This months most critical update relates to a vulnerability in the way windows renders (draws) images. It appears that an attacker could design a web page with images in such a way as to run arbitrary (anything they want) code (programs) on the victims computer, alter or view data, or simply control the machine (creating/removing user accounts, etc.)


The update applies to XP, 2000, and 2003. More detailed analysis can be found at Incidents.org I can only wonder how long before this is seen as a vector of attack for either a virus, or spyware installer.

There is also some coverage at the sunbeltblog. This basically sums up as, the vulnerability is with the gdi (graphical device interface) rendering of wmf (windows metafile) images. The image could come from a web page, html email, microsoft office document or a chat. Full disclosure summary here, and last but certainly not least eEye is credited with discovery of the vulnerability.

Related Posts

Blog Traffic Exchange Related Posts
  • Powerpoint zero day This has been a rough quarter for Office vulnerabilities... there seems to be a pattern, Microsoft patch day, then.... zero-day exploit within a week for an Office component. First Word, then Excel and now this month our vulnerable app is Powerpoint. The Security Fix has some coverage and notes the......
  • Microsoft Updates for October and bugs on the loose Well, it's been a bit since a post here, but if you haven't already patch your systems with Microsoft update, as new updates were released yesterday. Incidents.org is reporting rumors of bugs in the wild. Everyone KNOWS the window between vulnerability and exploit is getting shorter and shorter, so if......
  • WMF exploit situation summary... Since there's been quite a bit of flux the last couple of days I thought I'd try to "reset" the situation and give a general overview of where we stand now with regards to the recent WMF zero-day exploit. 1st there is a vulnerability in the way Windows renders WMF......
Blog Traffic Exchange Related Websites
  • Microsoft announces 9 Windows Phone 7 phones At London, Microsoft unveiled 9 Windows Phone 7 handsets. From Left to Right, Top to Bottom, these are the following phones: Dell Venue Pro HTC HD7 HTC 7 Mozart HTC 7 Surround HTC 7 Trophy LG Optimus 7 LG Quantum Samsung Focus Samsung OMNIA 7 All these 9 phone run......
  • Most Efficient Strategy To Get High Back Hyperlinks Via Link Creating Services linlk building packages is the procedure of growing building backlinks of your website by getting url from pertinent websites. Backlink building performs an essential part to maximizing search engine results position of websites. Through getting url while in the period of back links to have websites helps to go the......
  • Microsoft ships Windows 7 SP1 and Windows Server 2008 R2 SP1 Microsoft has released the Service Pack 1 (SP1) update for Windows 7 and Windows Server 2008 R2. The update is available via the Microsoft's Update Center or Windows Update. The service pack releases add to the performance improvements and security enhancements to the existing versions of corresponding operating systems. Below......
www.pdf24.org    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site