Microsoft issues patch for critical Windows flaw

6 Jan 2006

Microsoft has moved ahead of schedule to issue a patch for a critical software vulnerability in the way its Windows operating system handles Windows Meta File (WMF) graphics files. Since the flaw was discovered last week there have been reports of hundreds of security attacks which exploit it.

Earlier this week Microsoft had said it planned to release the patch for the vulnerability next week, in line with its regular schedule of releasing software patches on the second Tuesday of every month. However, it appears that growing concern over the flaw has led the company to issue the patch in advance.

This is a major new zero-day vulnerability that allows Windows-based machines to be infected when they visit compromised websites, have an infected file previewed in earlier versions of Outlook or have an infected file simply indexed by Google Desktop.

Last week a new exploit was published which takes advantage of the flaw in WMF. Brian Honan, a security expert with BH Consulting in Dublin, commented: “The irresponsible publication of this exploit when there is no vendor patch available will only encourage other exploits to be developed and aggravate an already serious situation.”

Normally the security industry announces a vulnerability at the same time as a patch is made available to fix it, so that users can update their systems before malicious code writers have the chance to create code that exploits that particular flaw.

According to Honan there are already hundreds of websites taking advantage of this vulnerability and several email worms have also been detected. One message in circulation has ‘Happy New Year’ in the subject line and it has an infected file attachment ‘Happynewyear.jpg’.

Anti-virus firm Sophos said it had seen more than 200 discrete attempts to infect innocent computer users using the vulnerability. It advised computer users to apply Microsoft’s new patch which protects against it.

In a statement on Tuesday, Microsoft said it had been carefully monitoring the attempted exploitation of the vulnerability since it became public. “Although the issue is serious and the attacks are being attempted, Microsoft’s intelligence sources indicate that the scope of the attacks is limited,” the company said at the time. It added that anti-virus companies with up-to-date signatures have been effective in repelling attacks that exploit the WMF flaw.

By Gordon Smith