NEW Critical Windows Patch Fights Takeover Attacks
Three image-rendering flaws in the Windows operating system could put millions of Internet-connected users at risk of PC takeover attacks, Microsoft Corp. warned on Tuesday.
The flaws could be exploited via any software that displays images, including the widely used Microsoft Outlook, Microsoft Word and Internet Explorer programs.
The bugs are considered particularly dangerous because users could be at risk by merely browsing to a malicious site with rigged image files, or by displaying images in the preview pane of an e-mail program.
Microsoft tagged the update as "critical," its highest severity, and urged Windows users to download and apply the patches immediately.
The flaws affect Windows 2000, Windows XP (including Service Pack 2) and Windows Server 2003.
According to the MS05-053 bulletin, the nastiest of the three is a remote code execution bug in the rendering of WMF (Windows Metafile) and EMF (Enhanced Metafile) image formats.
"Any program that renders WMF or EMF images on the affected systems could be vulnerable to this attack. An attacker who successfully exploited this vulnerability could take complete control of an affected system," the company warned.
The bulletin also addresses two separate unchecked buffers in the way the operating system renders EMF and WMF images.
Image-rendering vulnerabilities are deemed particularly serious because malicious hackers can simply place a rigged photograph on a Web site and trick users into visiting. By merely browsing to the malicious site, the user allows the attacker to execute harmful code to take complete control of an unpatched machine.
In the past, image-rendering bugs have been used in widespread attacks. In one case, a hacker broke into an ad server and successfully loaded exploit code on banner advertising served on hundreds of Web sites. European tech publisher The Register was among those affected.
The latest flaw was discovered by at least three private research teams and reported to Microsoft more than seven months ago.
eEye Digital Security, one of the research firms credited with finding the vulnerability, reported it to Microsoft on March 29, but a comprehensive fix was delayed for a long time because of the complicated nature of testing such an important update, according to Stephen Toulouse, a program manager in the MSRC (Microsoft Security Response Center).
"There's absolutely a good reason [for the delay]," Toulouse said in an interview with Ziff Davis Internet News. "The graphics rendering system is an extremely important component of the operating system. It's critical to functioning of operating system. Any time you make a change to such an important component, you absolutely have to ensure you're not introducing new problems."
FROM:
http://www.eweek.com/article2/0,1895,1883850,00.asp