Microsoft November 2005 patch day



That most wonderful day of the month has come when we get an idea of what vulnerabilities we may see exploited... Seriously, if you run Windows, go to windowsupdate.microsoft.com or ensure you have automatic updates enabled if at all possible. This month's most critical update relates to a vulnerability in the way Windows renders (draws) images. It appears that an attacker could design a web page with images in such a way as to run arbitrary (anything they want) code (programs) on the victim's computer, alter or view data, or simply control the machine (creating/removing user accounts, etc.).


The update applies to XP, 2000, and 2003. More detailed analysis can be found at Incidents.org. I can only wonder how long it will be before this is seen as a vector of attack for either a virus or a spyware installer.

There is also some coverage at the sunbeltblog. In short, the vulnerability is in the GDI (Graphics Device Interface) rendering of WMF (Windows Metafile) images. The image could come from a web page, an HTML email, a Microsoft Office document or a chat. Full disclosure summary here, and last but certainly not least, eEye is credited with discovery of the vulnerability.
