Maker tech hub — AI · 3D print · Pi · ESP32 · plus the classic tech archive.

Free ESP32 kit · Books · Network Ninja · Archive

Classic tech archive. From the original averyjparker.com tech blog — historical context; pair with modern guides where noted. Full archive · Maker projects · Network Ninja

Classic tip · Classic

Microsoft November 2005 patch day

That most wonderful day of the month has come when we get an idea of what vulnerabilities we may see exploited.... Seriously, if you run Windows, go to windowsupdate.microsoft.com or ensure you have …

Written by

Avery J. Parker

IT veteran, maker educator, and author of Network Ninja, 3D Printing Mastery, and AI Workflow Mastery. Business IT: Diversified Tech Solutions.

That most wonderful day of the month has come when we get an idea of what vulnerabilities we may see exploited.... Seriously, if you run Windows, go to windowsupdate.microsoft.com or ensure you have automatic updates if at all possible. This months most critical update relates to a vulnerability in the way windows renders (draws) images. It appears that an attacker could design a web page with images in such a way as to run arbitrary (anything they want) code (programs) on the victims computer, alter or view data, or simply control the machine (creating/removing user accounts, etc.)


The update applies to XP, 2000, and 2003. More detailed analysis can be found at Incidents.org I can only wonder how long before this is seen as a vector of attack for either a virus, or spyware installer.

There is also some coverage at the sunbeltblog. This basically sums up as, the vulnerability is with the gdi (graphical device interface) rendering of wmf (windows metafile) images. The image could come from a web page, html email, microsoft office document or a chat. Full disclosure summary here, and last but certainly not least eEye is credited with discovery of the vulnerability.