WMF Vulnerability Patch Released Early

[Joe User 99]

WMF patch released early.

Security Update for Windows XP (KB912919)

Security Update for Windows Server 2003 (KB912919)

Security Update for Windows 2000 (KB912919)

Security Update for Windows XP x64 Edition (KB912919)

Security Update for Windows Server 2003 64-bit Itanium Edition (KB912919)

The Security bulletin ( MS06-001 ) is now available and confirms this covers the WMF vulnerability.

Graphics Rendering Engine Vulnerability - CVE-2005-4560:

A remote code execution vulnerability exists in the Graphics Rendering Engine because of the way that it handles Windows Metafile (WMF) images. An attacker could exploit the vulnerability by constructing a specially crafted WMF image that could potentially allow remote code execution if a user visited a malicious Web site or opened a specially crafted attachment in e-mail. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

The KB article ( 912919 ) is available, but just points to the security bulletin.

Edited January 5, 2006 by Joe User 99

[Gouki]

Thank you for letting us know! I was really waiting for this release, good thing is was release earlyer ... It was planned to 10th of January.

[Martijn]

Does anyone know what the actual symptoms are of this vunerability?

Because my laptop screen suddenly starts flickering like mad and I'm not sure if it's my screen or that vunerability causing it.

It's a relatively new machine (something like a month old) and it just started today

[Gouki]

I really dont see the exploit causing that Martijn, however, there is more information on this thread, explaining what does the virus using the exploit do.

Edited January 6, 2006 by Gouki