'Critical' Patch Released For Windows
November's monthly fix from Redmond includes a critical fix to three bugs affecting the graphics rendering engine in several versions of Windows.
Microsoft released a bulletin for a Windows patch labeled critical.
The security bulletin addresses three vulnerabilities, each affecting the graphics rendering engine in Windows 2000, Windows XP SP1/SP2, Windows Server 2003 and Windows Server 2003 SP1. The bulletin's number is MS05-053.
The main culprit behind this security bulletin is a critical vulnerability in the Windows rendering engine. Any program rendering a Windows Metafile (WMF) or Enhanced Metafile (EMF) image is open to attack by malware (define) writers.
If the WMF image is compromised by an attacker it leaves the system open to remote manipulation, allowing them to add, delete or modify files on the computer. If the EMF image is attacked, it could open the system up to a denial-of-service attack (define), eventually crashing the machine.
While the graphics rendering engine vulnerability is a critical fix for the five operating system versions mentioned in the bulletin, not every system is affected by the particular image file formats. The WMF vulnerabilities, for example, don't affect Windows XP SP2 and Windows Server 2003 SP1 users.