Unfortunate Start for Microsoft: Security Flaw Exploited
At the beginning of the new year 2006, Microsoft faced a significant setback when a specialized tool for exploiting a serious unpatched security vulnerability in Windows, known as the WMF (Windows Metafile) flaw, surfaced online.
Panda Software, a security company, reported that skilled hackers had successfully developed a tool called WMFMaker, capable of injecting malicious code into the unpatched WMF security vulnerability. With this tool, anyone could remotely upload various types of malware, including viruses, Trojans, and spyware, without the knowledge of the system owner.
This destructive toolkit is designed for command line use and comes with detailed instructions for activating WMF files that can inject malware into the user’s machine. The tool also provides attackers with a file named evil.wmf, specifically used for targeting Windows systems.
While Microsoft has only offered some general advice to help users temporarily avoid this security flaw, reputable security expert Ilfak Guilfanov has successfully created a patch for the WMF vulnerability. Guilfanov’s patch has been tested and validated by the SANS Internet Storm Center.
Windows users are strongly advised to click here or click here to download Ilfak Guilfanov’s patch immediately.
HOÀNG HẢI