Microsoft released a security advisory today concerning Windows Vista, Windows XP and Windows Server 2003.
The flaw is associated with the Windows graphics rendering engine, which improperly parses a specially crafted image file, leading to a stack overflow, according to Microsoft's security advisory 2490606. This remote code execution exploit can be used by a hacker to gain user rights on a system. However, Microsoft's blog describing the problem states that the company isn't aware of any active exploits occurring yet.
The issue is made more acute if the user has administrative rights, which may allow the attacker to modify network settings or change and delete data.
Typically, an attack using this exploit would attempt to get Windows users to click on an e-mail attachment containing a thumbnail image or an instant messaging link. An alternative attack method might be to direct a user to a thumbnail image located on a network sharing space.
The security advisory suggests keeping software updated and using firewalls and antivirus software. It also describes a few workarounds to increase protection, prior to Microsoft's release of patch.
Read more: Microsoft Online
The flaw is associated with the Windows graphics rendering engine, which improperly parses a specially crafted image file, leading to a stack overflow, according to Microsoft's security advisory 2490606. This remote code execution exploit can be used by a hacker to gain user rights on a system. However, Microsoft's blog describing the problem states that the company isn't aware of any active exploits occurring yet.
The issue is made more acute if the user has administrative rights, which may allow the attacker to modify network settings or change and delete data.
Typically, an attack using this exploit would attempt to get Windows users to click on an e-mail attachment containing a thumbnail image or an instant messaging link. An alternative attack method might be to direct a user to a thumbnail image located on a network sharing space.
The security advisory suggests keeping software updated and using firewalls and antivirus software. It also describes a few workarounds to increase protection, prior to Microsoft's release of patch.
Read more: Microsoft Online