Tech Shout!

Microsoft has released a patch to fix two grave defects in Windows. These critical dangers are related to the processing of graphic files and possibly may be exploited by hackers in order to take control of vulnerable systems.

The first vulnerability concerns a flaw in the Windows’ Graphics Rendering Engine, which comes into play while rendering certain malformed Enhanced Metafile (EMF) and Windows Metafile (WMF) image files.

The flaw was discovered by eEye Digital Securtity on March 29th. The defect allows malicious code to be executed with minimal user interaction through commonly used media, owing to which it was accorded a “high� severity rating by Microsoft.

Venustech AdDLab, eEye Digital Security and Symantec Security Response discovered the second flaw, which is a similar, high-risk, heap overflow in WMF. Hackers can take advantage of this vulnerability by embedding the image in an Office document, or by convincing the user to view an HTML email in Outlook, etc.

Both “grave vulnerabilities� affect Windows Server 2003, Windows NT 4.0, Windows 2000, and Windows XP (including those running SP2) systems. In due course, almost all Windows users will have to apply Microsoft patch (MS05-053); the singular patch which was released on Tuesday by Microsoft, as part of its regular monthly update.