Microsoft plugs remote execution, spoofing holes in Windows

Microsoft on Tuesday issued patches for critical holes in all supported versions of Windows that could allow an attacker to take over a system by executing code remotely if the user viewed a maliciously crafted image file.

The patch for Windows 2000, XP, Vista, Server 2003, and Server 2008, plugs a vulnerability (MS09-006) that affects images created with the Enhanced MetaFile (EMF) or Windows MetaFile (WMF) display formats, according to Microsoft’s advisory.

“An attacker can send you an e-mail with an infected image in it or you can go to a Web site with an infected image or get it elsewhere, from a thumbdrive,” said Wolfgang Kandek, chief technology officer of Qualys, which helps companies with security risk and compliance.

Attackers can also disguise .WMF and .EMF files as other image file types, such as .JPG, in order to sneak them past cautious users, said Alfred Huger, vice president of development at Symantec Security Response.

Also patched on Patch Tuesday were two holes rated “important” that affected the same systems and which could be used by an attacker to masquerade as someone else in a spoofing attack.

Read more: news.cnet.com

Conclusion

This software provides valuable functionality for users. Whether for personal or professional use, it delivers on its core promises. Regular updates and active development ensure continued relevance. User satisfaction and community support demonstrate its value.

Final Thoughts

Based on its features and performance, this software is worth considering. Evaluate your specific needs and whether this solution addresses them. Try it yourself to determine if it’s the right fit for your requirements.