Microsoft released a bulletin for a Windows patch labeled critical.
The security bulletin addresses three vulnerabilities, each affecting the graphics rendering engine in Windows 2000, Windows XP SP1/SP2, Windows Server 2003 and Windows Server 2003 SP1. The bulletin's number is MS05-053.
The main culprit behind this security bulletin is a critical vulnerability in the Windows rendering engine. Any program rendering a Windows Metafile (WMF) or Enhanced Metafile (EMF) image is open to attack by malware (define) writers.https://o1.qnsr.com/log/p.gif?;n=203;c=204660766;s=9477;x=7936;f=201812281312070;u=j;z=TIMESTAMP;a=20392931;e=iWMF and EMF are two graphics file formats used in Windows; WMF is for 16-bit computing and EMF is for 32-bit systems; the two file formats hold vector and bitmap graphics information when they are exchanged between applications.
If the WMF image is compromised by an attacker it leaves the system open to remote manipulation, allowing them to add, delete or modify files on the computer. If the EMF image is attacked, it could open the system up to a denial-of-service attack (define), eventually crashing the machine.
While the graphics rendering engine vulnerability is a critical fix for the five operating system versions mentioned in the bulletin, not every system is affected by the particular image file formats. The WMF vulnerabilities, for example, don't affect Windows XP SP2 and Windows Server 2003 SP1 users.