NEWS FROM THE LAB - Wednesday, November 9, 2005

Microsoft Security Bulletin MS05-053 Posted by Antti @ 07:26 GMT

Microsoft has released a security update that fixes three vulnerabilities. All of them are related to how Windows Metafile (WMF) and Enhanced Metafile (EMF) image formats are rendered. An attacker can exploit these vulnerabilities to remotely run arbitrary code and take over the affected computer. This can be done by using a malicious web page that the user visits, embedding a malicious image into an Office document or simply sending an HTML e-mail message with a specifically crafted image attached, to name a few alternatives. So, there seem to be a lot of venues for attack.

Although we haven't yet seen any indication that the vulnerabilities are being exploited in the wild, it's a really good idea to patch your systems - now.