Microsoft plugs remote execution, spoofing holes in Windows

by admin March 10, 2009 at 6:20 pm

Microsoft on Tuesday issued patches for critical holes in all supported versions of Windows that could allow an attacker to take over a system by executing code remotely if the user viewed a maliciously crafted image file.

The patch for Windows 2000, XP, Vista, Server 2003, and Server 2008, plugs a vulnerability (MS09-006) that affects images created with the Enhanced MetaFile (EMF) or Windows MetaFile (WMF) display formats, according to Microsoft’s advisory.

“An attacker can send you an e-mail with an infected image in it or you can go to a Web site with an infected image or get it elsewhere, from a thumbdrive,” said Wolfgang Kandek, chief technology officer of Qualys, which helps companies with security risk and compliance.

Attackers can also disguise .WMF and .EMF files as other image file types, such as .JPG, in order to sneak them past cautious users, said Alfred Huger, vice president of development at Symantec Security Response.

Also patched on Patch Tuesday were two holes rated “important” that affected the same systems and which could be used by an attacker to masquerade as someone else in a spoofing attack.

Read more: