Microsoft November 2005 patch day



That most wonderful day of the month has come when we get an idea of what vulnerabilities we may see exploited…. Seriously, if you run Windows, go to windowsupdate.microsoft.com or ensure you have automatic updates if at all possible. This months most critical update relates to a vulnerability in the way windows renders (draws) images. It appears that an attacker could design a web page with images in such a way as to run arbitrary (anything they want) code (programs) on the victims computer, alter or view data, or simply control the machine (creating/removing user accounts, etc.)


The update applies to XP, 2000, and 2003. More detailed analysis can be found at Incidents.org I can only wonder how long before this is seen as a vector of attack for either a virus, or spyware installer.

There is also some coverage at the sunbeltblog. This basically sums up as, the vulnerability is with the gdi (graphical device interface) rendering of wmf (windows metafile) images. The image could come from a web page, html email, microsoft office document or a chat. Full disclosure summary here, and last but certainly not least eEye is credited with discovery of the vulnerability.

Related Posts

Blog Traffic Exchange Related Posts
  • Microsoft's quick response to network worms.... This is an ironic title because frankly, Microsoft has seemed to be slow in solutions for the recent zotob worm. Of course, they announced the vulnerability and accompanying update to solve the issue to begin with, but after the virus started propagating what do we see from Microsoft? They have......
  • WMF exploit situation summary... Since there's been quite a bit of flux the last couple of days I thought I'd try to "reset" the situation and give a general overview of where we stand now with regards to the recent WMF zero-day exploit. 1st there is a vulnerability in the way Windows renders WMF......
  • Powerpoint zero day This has been a rough quarter for Office vulnerabilities... there seems to be a pattern, Microsoft patch day, then.... zero-day exploit within a week for an Office component. First Word, then Excel and now this month our vulnerable app is Powerpoint. The Security Fix has some coverage and notes the......
Blog Traffic Exchange Related Websites
  • Is Google Page Rank Important For Small Business Web sites? The short answer? No. Google Page Rank gets bandied about quite a bit by people who really don't know anything about SEO but want to pretend they do. Google Page Rank is really all about trust. Google looks at a number of factors when anointing web sites with Page......
  • How to Install a Window Air Conditioner the Right Way As summer approaches, those of us without central air are getting ready to go through the annual ritual of installing our window air conditioners. However, were you aware that a bad installation can actually raise your electricity costs and make it harder to say cool? Here are some tips to......
  • Lending Club Updates Lending Functionality A few weeks ago Rob Garcia at Lending Club announced updates to the lending account management features.  I apologize it has taken me this long to cover the update, but I have been busy at work and frankly without lenders having the ability to lend money I was lacking motivation. ......
en.pdf24.org    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site