World+dog scrambles to fight Windows flaw | The Register

Skip to content

Security:

News Tools

Reg Shops

Top Stories

Read more top stories

Related Whitepapers

Solution Brief: Reduce Energy Costs
With Green IT Solutions
What Every E-Business Should Know about SSL Security and Consumer Trust
A Verisign Business Guide
Server Consolidation and Containment
With Virtual Infrastructure
SSL in High-Security Browsers
The Browser Security Revolution
Making Green IT a Reality
Customer Perspectives on the Impact of Storage Vendor Decisions on Power, Cooling, & Space in Enterprise Data Centers
How IT Management Can "Green" the Data Center
A Gartner Report

The Register » Security » Enterprise Security »

World+dog scrambles to fight Windows flaw

Protect and survive

By John Leyden → More by this author

Published Tuesday 3rd January 2006 14:08 GMT

How IT Management Can "Green" the Data Center - Free Download

Microsoft rushed out a temporary fix on Monday to defend against a dangerous new Windows Meta File vulnerability that became the focus of numerous exploits late last week. Redmond's workaround disables some functions in Windows and is only partially effective. Fortunately, there is an alternative. Security researchers at the SANS Institute advise users to both unregister affected library (DLL files) and to use an unofficial patch, as explained here.

The WMF vulnerability exists in computers running Microsoft Windows XP (SP1 and SP2) and Microsoft Windows Server 2003 and stems from a flaw in a utility used to view picture and fax files. The security flaw might be exploited by inducing victims to view maliciously constructed sites, particularly where IE is used as a browser, or when previewing *.wmf format files with Windows Explorer. Hackers have created a range of Trojan programs which exploit the flaw. Microsoft said it plans to release a patch against the security hole on 10 January as part of its regular "Patch Tuesday" monthly update cycle. ®

Save money taking your comms online - Free live event - Register now

Track this type of story as a custom Atom/RSS feed or by email.

Related stories

MS releases emergency IE fix (27 September 2006)
MS mulls emergency IE fix (26 September 2006)
Unofficial IE patch saves humanity (25 September 2006)
MySpace adware attack hits hard (21 July 2006)
Hackers use BBC story to bait IE exploit (31 March 2006)
eEye issues workaround against unpatched IE flaw (28 March 2006)
MS issues Office überpatch (15 March 2006)
UK.gov repels zero day WMF attack (24 January 2006)
Windows support program bent to fit (12 January 2006)
Microsoft backtracks on WMF patch (6 January 2006)
Windows beats Linux - Unix on vulnerabilities - CERT (5 January 2006)
Windows users waiting for serious fix (3 January 2006)
Trojan alert over unpatched Windows flaw (29 December 2005)
MS releases IE überpatch (14 December 2005)
Trojan exploits unpatched IE flaw (1 December 2005)
Critical MS patch fixes graphics bugs (9 November 2005)
Exploit for unpatched IE vuln fuels hacker fears (19 August 2005)
Firefox exploit targets zero day vulns (9 May 2005)

Post to Slashdot

Add to del.icio.us

Previous Article

From small embedded OS to the world's most used open mobile OS

whitepaper title

Solution Brief: Reduce Energy Costs

Energy consumption has become a big issue. Dramatically increase server utilization and significantly reduce energy costs through Virtualization..

whitepaper title

Server Consolidation and Containment

This paper discusses how consolidation and containment solutions with a virtual infrastructure meet the challenges of server sprawl and underutilization..

Whitepapers
Protecting Online Customers from Man-in-the-Middle Attacks A Green Vision: Interview with VMWare CEO Diane Greene Solution Brief: Reduce Energy Costs Transformational Analytics

How IT Management Can "Green" the Data Center

A Gartner Report

Download for free NOW

Top 20 stories • All The Week’s Headlines • Archive • Search