Just days after Microsoft released a critical security patch for the WMF vulnerability present in Windows XP SP2, security experts from nCircle announced two additional security issues recently discovered that are also related to this WMF flaw.
The first issue is that the WMF vulnerability can be exploited to launch denial-of-service attacks. The second issue affects a core Windows file, explorer.exe, which could cause Windows systems to crash when users inadvertently open specially crafted WMF image files designed to exploit this security flaw. The Explorer application impacts the entire Windows interface, including the Start Menu, Taskbar, Desktop, and File Manager.
Microsoft has acknowledged the existence of this flaw after receiving notification. They identified the issue prior to nCircle’s report and promised to release a patch for this newly discovered vulnerability as soon as possible.
Microsoft also disagrees with the notion that this kind of flaw could crash Windows systems, claiming it only affects applications used to view WMF image files, such as Windows Picture Viewer or Fax Viewer.
Mike Murray, director of nCircle in San Francisco, commented: ”It’s no surprise that additional security flaws have arisen from the WMF vulnerability. It wouldn’t be unusual to see another exploit program emerge in just a week or two to take advantage of this new security issue.”
Currently, there are no official reports regarding the damage caused by this security vulnerability.
HOÀNG HẢI
