‘Critical’ Microsoft WMF flaw fix
p2p news / p2pnet: After a premature release yesterday, Microsoft is now providing the official patch for the critical WMF security hole described by F-Secure as “probably bigger than … any other vulnerability we’ve seen”.
Hackers are currently taking advantage of the flaw.
“If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system,” say Bill and the Boyz.
“An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.”
Microsoft recommends that anyone with affected systems apply the fix immediately.
Affected Software:
- Microsoft Windows 2000 Service Pack 4
- Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
- Microsoft Windows XP Professional x64 Edition
- Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
- Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
- Microsoft Windows Server 2003 x64 Edition
- Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME)
See Microsoft Security Bulletin MS06-001 for details.
Also See:
premature release – Microsoft working on WMF fix, January 5, 2006
probably bigger – New Windows virus threat ‘huge’, January 3, 2006





