Microsoft November 2005 patch day



That most wonderful day of the month has come when we get an idea of what vulnerabilities we may see exploited…. Seriously, if you run Windows, go to windowsupdate.microsoft.com or ensure you have automatic updates if at all possible. This months most critical update relates to a vulnerability in the way windows renders (draws) images. It appears that an attacker could design a web page with images in such a way as to run arbitrary (anything they want) code (programs) on the victims computer, alter or view data, or simply control the machine (creating/removing user accounts, etc.)


The update applies to XP, 2000, and 2003. More detailed analysis can be found at Incidents.org I can only wonder how long before this is seen as a vector of attack for either a virus, or spyware installer.

There is also some coverage at the sunbeltblog. This basically sums up as, the vulnerability is with the gdi (graphical device interface) rendering of wmf (windows metafile) images. The image could come from a web page, html email, microsoft office document or a chat. Full disclosure summary here, and last but certainly not least eEye is credited with discovery of the vulnerability.

Related Posts

Blog Traffic Exchange Related Posts
  • Exploits a plenty - IE / Excel (Firefox?) There are a number of vulnerabilities that are currently unpatched, but have working publicly known exploits for Excel (*2) and Internet Explorer (2 vulnerabilities here as well.) Proof of Concept code has been released for both the Excel and Internet Explorer vulnerabilities. This means, with the code publicly available, it......
  • Another problem with one of the Microsoft Patches... Last month, April, the Microsoft patch cycle had one problem patch that broke certain explorer extensions (most notable some HP software...) This time around it looks like the Flash patch that they distributed has given a few people fits. For starters, yes it's odd for Microsoft to distribute a patch......
  • Disinfecting a PC... part 1 This is the first in a several part series documenting the cleaning of an infected PC. The only real noteworthy item is that it was a dial-up only connection and was rather infested for that. (On par with some of the broadband connected pc's I've seen. It's also an interesting......
Blog Traffic Exchange Related Websites
  • Is Google Page Rank Important For Small Business Web sites? The short answer? No. Google Page Rank gets bandied about quite a bit by people who really don't know anything about SEO but want to pretend they do. Google Page Rank is really all about trust. Google looks at a number of factors when anointing web sites with Page......
  • Review of Windows Live Writer When you find a tool that makes life easier, there is nothing more exciting. The need for corporations to simplify and systematize their processes has to do with working smart and taking advantage of things that allow workers to reach their goals without having to work quite as hard. One......
  • Most Efficient Strategy To Get High Back Hyperlinks Via Link Creating Services linlk building packages is the procedure of growing building backlinks of your website by getting url from pertinent websites. Backlink building performs an essential part to maximizing search engine results position of websites. Through getting url while in the period of back links to have websites helps to go the......
en.pdf24.org    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site