A new security vulnerability has been discovered that poses a serious threat to all systems using Windows Service Pack 2, as reported by F-Secure and Sunbelt.
Malicious code can exploit this vulnerability in the WMF image rendering tool to automatically download and install malware.
WMF (Windows MetaFile) is an image format vector used by Microsoft’s operating systems. The file SHIMGVW.DLL is loaded to render images, and it contains a security flaw. This flaw opens a “door” for a corrupted WMF image, allowing code execution that could jeopardize an entire system.
Microsoft previously patched security vulnerabilities for WMF and EMF in November. This flaw affects versions of the Windows operating system, including Windows 2000, XP, and Windows Server 2003.
“We have found several websites that exploit this security vulnerability. Each different website downloads different spyware. We only caught a few websites using this new vulnerability, but now we see many using it to install malicious resources. These image files can be easily modified to download any malware or virus,” said Alex Eckelberry, CEO of Sunbelt Software.
Mika Pehkonen from F-Secure warned that “right now, all systems using Windows XP Service Pack 2 are affected by this security flaw, and there is currently no patch available.” F-Secure is actively scanning for malicious WMF files such as W32/PFV-Exploit.A, .B, and .C.
“Users will be at risk if they visit a website with an image file that contains the vulnerability. Internet Explorer users may be automatically affected, while Firefox users will be affected if they choose to load or download the image file,” Pehkonen added.
Microsoft has been notified of this issue and may release an emergency patch, separate from its regular “Patch Tuesday” security updates. Both Sunbelt and F-Secure deem this vulnerability very serious, as users can easily become infected and their systems can be compromised immediately.
Information about this security vulnerability can be found here.
THANH TRỰC
