Three vulnerabilities in the way Windows manages and handles graphic files could pave the way for hackers to execute spyware and Trojan attacks on users’ computers.
In the security bulletin MS05-53, Microsoft reported an issue related to how the operating system displays Windows Metafile (WMF) and Enhanced Metafile (EMF) image formats. To exploit this vulnerability, hackers could post images containing malicious code on websites or send them via email, tricking users into opening them with the intent of installing spyware, Trojans, worms, or other harmful programs.
MS05-53 is categorized as “critical“, the highest level of severity according to Microsoft’s rating system. Two of the three vulnerabilities would allow malicious actors to remotely control computers, while the remaining vulnerability only disrupts applications that are running the infected file. The exploit code for this vulnerability has recently been made available on the Internet.
The American software company indicated that the most severe vulnerability affects all versions of Windows operating systems. The other two vulnerabilities only appear in Windows 2000, Windows XP Service Pack 1, and Windows Server 2003.
Vulnerabilities in image management and display processes are becoming increasingly common. This is due to the relatively complex image formats and the necessity for programming applications to support multiple image file types simultaneously. In August, Microsoft also warned about a similar vulnerability related to how Internet Explorer handles JPEG images.
“In the near future, this type of flaw will be present in all popular applications and every complex file format, not just images,” noted Neel Mehta, a team leader at the American security organization ISS. “We do not believe the latest flaw in Windows will lead to widespread exploitation, but it will be used to target specific goals.”
Regarding Microsoft security, the patches MS05-038 and MS05-052 may disrupt browser interfaces and cause many websites to fail to display correctly.
These two patches eliminate the “unsafe” feature and change how the browser operates the ActiveX control protocol. However, after installing MS05-038, pages containing Component Object Model (COM) objects may not download as expected. Meanwhile, MS05-052 will block certain websites with ActiveX protocols. Microsoft stated that all security settings in Internet Explorer must be set to nearly the highest level to address the issues related to ActiveX.
The Bill Gates-led corporation has released guidelines for addressing the MS05-038 issue and descriptions of the issues in MS05-052.
T.N. (according to CNet, PC World)
