Feb 7, 2011

Windows image exploit leaves XP, Vista, Server 2003, 2008 vulnerable

A new security hole in Microsoft's Windows XP, Vista, Server 2003 and 2008 operating systems has come to light, Microsoft confirmed yesterday. The flaw is a remote code execution vulnerability which, if successfully exploited, lets a hacker take complete control of an affected PC or server. Microsoft further said that a patch is under construction but that it won't issue an out-of-cycle update to fix the Windows bug.

The Windows security vulnerability exists in the operating system's graphics rendering engine. Microsoft said the security hole could be exploited if a user views a folder containing a specially crafted thumbnail with Windows' file manager, or opens or views some Office documents. Hackers can feed users poisoned Word or PowerPoint documents and then take control of the host system if the files are opened or previewed.

Microsoft said that Windows 7 and Server 2008 R2 are unaffected by the graphics rendering bug/exploit.

While we wait for a patch to fix the security hole, Microsoft has recommended a temporary workaround. The workaround adds more restrictions on the shimgvw.dll file by entering a string of characters at the command line. But this could lead to irregularities in how Windows' Graphics Rendering Engine handles media files, Microsoft warned.

The Windows vulnerability first came to light last month but got fresh attention when the Metasploit penetration testing tool posted an exploit module that can potentially threaten the security of Windows XP, Vista, Server 2003 and 2008 machines.
