Microsoft Releases Patch for WMF Security Hole

Published January 06, 2006

| Associated Press

Microsoft Corp. released a software patch for its Windows operating system Thursday to fix a flaw that has spawned attempts to take control of Internet-connected computers.

Initially, Microsoft said it didn't expect to do so until at least Tuesday, but the Redmond software maker said it finished testing earlier than planned and was able to release it on its Web site.

The flaw is in an element of Windows that is used to view images. If a user is tricked into viewing an image, such as on a malicious Web site or within an e-mail attachment, that person's computer could be attacked.

Microsoft confirmed last week that some people were trying to take advantage of it. On Thursday, the company said outbreaks appeared to be limited.

One mitigating factor is the fact that the vulnerability requires a person to take action, such as opening an e-mail from a stranger or following a link to an unknown Web page.

Nevertheless, security experts have said the flaw could still pose a risk because personal firewalls offer little protection and the attacks can easily be modified to get around security software such as antivirus programs.

Also, the flaw affects versions of Windows desktop and server software going back to Windows 98.

Microsoft had offered some technical options for decreasing the risk of an exploit. Other security companies had prepared their own patches while Microsoft worked on the official one.

URL

http://www.foxnews.com/story/2006/01/06/microsoft-releases-patch-for-wmf-security-hole