Microsoft fixes image processing errors in November security
Three vulnerabilities in the way Windows manages and controls graphic files are likely to pave the way for hackers to make spyware and Trojan attacks on users' computers.
In the security bulletin MS05-53, Microsoft reported an error related to how the operating system displays Windows Metafile (WMF) and Enhanced Metafile (EMF) image formats. To exploit the vulnerability, hackers can post images containing malicious code on the website or send via e-mail, then trick people into opening them with the aim of installing spyware, Trojans, worms or malicious programs. Other harms.
MS05-53 is classified as " serious ", the highest risk level according to Microsoft calculation. Two of the three errors will create opportunities for those who have a bad conspiracy to control the remote computer, the other error will only damage the application running the malicious file. The code that exploits this program's vulnerability has been posted on the Internet recently.
The US software company said the most serious vulnerability affects all Windows operating systems. The remaining two errors only appear in Windows 2000, Windows XP Service Pack 1 and Windows Server 2003.
Vulnerability in the process of managing and displaying images is appearing more and more. This is because the image format is relatively troublesome and the application program must support multiple image file types at the same time. In August, Microsoft also warned of a similar error regarding how Internet Explorer handles JPEG images.
" In the coming time, this kind of defect will be present in all popular applications, all complex file formats, not just images, " said Neel Mehta, a team leader at ISS security organization (USA). , comment. " We don't think the latest flaw in Windows will cause a widespread exploit, but they will be used to attack specific targets. "
In regards to Microsoft security, the MS05-038 and MS05-052 patch may damage the browser interface and prevent many websites from being displayed properly .
These two patches remove the " unsafe " feature and change the way the browser operates the ActiveX control protocol. However, after installing MS05-038, pages containing Component Object Model (COM) will not be downloaded as expected. Meanwhile, MS05-052 will block some websites with ActiveX protocol. Microsoft said that all Internet Explorer security modes must be set to the most advanced mode to resolve ActiveX-related errors.
Bill Gates' group released the MS05-038 problem-solving guide and described the error in MS05-052.
TN ( according to CNet, PC World )
- Apple fixes Wi-Fi for Mac OS X
- The security newsletter in October caused Windows 2k errors
- Microsoft fixed a series of bugs for Vista
- Microsoft fixes deadly errors for XP and Vista
- Apple fixes 26 Mac OS X security bugs
- Netscape fixes browser security errors
- General CD patch for Windows (02-2006)
- MySQL fixes security errors
- Adobe fixes PDF product security errors
- Microsoft patches a lot of Windows errors
What is the Snapdragon SiP chip? How to create a yellow circle around the mouse cursor on Windows Edit the Boot.ini file in Windows XP 3 ways to restart the remote computer via the Internet Vietnam computer market: Looking back a year How to restore deleted applications on Android How to increase the capacity of C drive on Windows 10, 8, 7 ... 8 security features of Windows operating system