Microsoft confirms graphics engine flaw

Jan 5, 2011 3:58 PM
Filed under Security

Out-of-band patch unlikely.

Microsoft has confirmed the existence of a vulnerability affecting the graphics rendering engine of some Windows operating systems.

The Redmond giant said it was working on a patch but that it was unlikely to be released separately as an emergency out-of-band update.

"We are not aware of any affected customers, nor of any active attacks targeting customers [using this vulnerability]," Microsoft's senior marketing communications manager for trustworthy computing Angela Gunn said.

The vulnerability was first disclosed at a security conference in South Korea last month, according to the SANS Technology Institute.

According to the Institute's Johannes Ullrich, the vulnerability affected all current versions of Windows, barring Windows 7 and 2008 R2.

"The vulnerability is exploited via malicious thumbnail images that may be attached to various documents (e.g. Microsoft Office documents)," Ullrich stated.

"The most likely exploit vector would use e-mail attachments. However, it is also possible to use network shares."

 
Follow us on Facebook and Twitter
 

Copyright © iTnews.com.au . All rights reserved.

Microsoft confirms graphics engine flaw
 
 
 
 
 
Top Stories
Telstra in $857m blockbuster Pacnet acquisition
Asian deal to bring 220 retail and wholesale partners.
 
Deals done: 10 top acquisitions of 2014
Who bought who, and for how much?
 
Office 365: high and lows of 2014
How did Microsoft's cloud strategy perform?
 
Sign up to receive CRN email bulletins
   FOLLOW US...
Polls
Who had more wins in 2014?

Latest Comments
CRN Magazine

Issue: 334 | December 2014

CRN Magazine looks in-depth at the emerging issues and developments for the channel, and provides insight, analysis and strategic information to help resellers better run their businesses.