Submitted by Bob Taft
Jan. 3, 2006
You can get the free patch from Gibson Research Corporation.
Download Ilfak's WMF patch utility from GRC
Microsoft preparing patch for Windows flaw
By Allison Linn, Associated Press
SEATTLE - Microsoft says it will be at least a week before it issues a fix to a recently discovered vulnerability that could let an attacker take control of an Internet-connected computer.
Microsoft said Tuesday it has created a patch for the flaw in its Windows operating system but needs to test it first. The software giant said it hopes to release the patch as part of its regular monthly security updates next Tuesday.
The Redmond company confirmed late last week that some people were trying to take advantage of a flaw in an element of Windows that is used to view images. If a user is tricked into viewing an image, such as on a malicious website or within an e-mail attachment, that person's computer could be attacked.
Microsoft said Tuesday that its research indicates the attacks are not widespread. The fact that the vulnerability requires a person to take action - say, opening an e-mail from a stranger - could mitigate the potential damage.
But Marc Maiffret, an executive with eEye Digital Security Inc. of Aliso Viejo, Calif., said the vulnerability still could be troubling because personal firewalls will offer little protection and the attacks can easily be modified to get around security software such as anti-virus programs.
Another concern is that the flaw affects versions of Windows desktop and server software dating back to Windows 98.
"It's basically almost any Windows PC right now that you can compromise if you can trick a person to going to the wrong website or opening the wrong e-mail," Maiffret said.
While it tests a fix, Microsoft is offering some technical options for decreasing the risk of an exploit. Security experts say the flaw also reinforces the importance of not opening e-mails from strangers or visiting suspect websites.
On the Web (Microsoft Security Advisory (912840)
Back to Consumers' Home Page