Microsoft November 2005 patch day



That most wonderful day of the month has come when we get an idea of what vulnerabilities we may see exploited…. Seriously, if you run Windows, go to windowsupdate.microsoft.com or ensure you have automatic updates if at all possible. This months most critical update relates to a vulnerability in the way windows renders (draws) images. It appears that an attacker could design a web page with images in such a way as to run arbitrary (anything they want) code (programs) on the victims computer, alter or view data, or simply control the machine (creating/removing user accounts, etc.)


The update applies to XP, 2000, and 2003. More detailed analysis can be found at Incidents.org I can only wonder how long before this is seen as a vector of attack for either a virus, or spyware installer.

There is also some coverage at the sunbeltblog. This basically sums up as, the vulnerability is with the gdi (graphical device interface) rendering of wmf (windows metafile) images. The image could come from a web page, html email, microsoft office document or a chat. Full disclosure summary here, and last but certainly not least eEye is credited with discovery of the vulnerability.

Related Posts

Blog Traffic Exchange Related Posts
  • More on Explorer vulnerability Among other things... Sans has lowered the infocon to green, NOT that the threat is diminished, but there have been no new developments with regards to the announcement yesterday of a major Internet Explorer security vulnerability. Sans recommends browsing the web with firefox (with the noscript extension, so you can......
  • Microsoft's quick response to network worms.... This is an ironic title because frankly, Microsoft has seemed to be slow in solutions for the recent zotob worm. Of course, they announced the vulnerability and accompanying update to solve the issue to begin with, but after the virus started propagating what do we see from Microsoft? They have......
  • WMF exploit situation summary... Since there's been quite a bit of flux the last couple of days I thought I'd try to "reset" the situation and give a general overview of where we stand now with regards to the recent WMF zero-day exploit. 1st there is a vulnerability in the way Windows renders WMF......
Blog Traffic Exchange Related Websites
  • Microsoft announces 9 Windows Phone 7 phones At London, Microsoft unveiled 9 Windows Phone 7 handsets. From Left to Right, Top to Bottom, these are the following phones: Dell Venue Pro HTC HD7 HTC 7 Mozart HTC 7 Surround HTC 7 Trophy LG Optimus 7 LG Quantum Samsung Focus Samsung OMNIA 7 All these 9 phone run......
  • Is Google Page Rank Important For Small Business Web sites? The short answer? No. Google Page Rank gets bandied about quite a bit by people who really don't know anything about SEO but want to pretend they do. Google Page Rank is really all about trust. Google looks at a number of factors when anointing web sites with Page......
  • Microsoft Plans Emergency Windows Patch for Monday August 2nd Microsoft stated they will issue an emergency patch for the critical Windows shortcut bug on Monday, Aug. 2.  The patch is set to be released on Monday at around 10 a.m. California time.  The news of this vulnerability surfaced 2 weeks ago and with an of attackers trying to exploit this......
en.pdf24.org    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site