Microsoft Warns Of Security Hole in Windows Graphics Engine

Microsoft issued an advisory to Windows users about a security vulnerability in a common Windows component that could be used by remote attackers to run malicious code on machines running the Windows XP, Vista and Windows Server 2003 operating systems.


The company said on Tuesday that it is investigating public reports of a stack overflow vulnerability in the Windows Graphics Rendering Engine. The problem stems from a flaw in the way the Graphics Rendering Engine processes thumbnail images in the affected versions of Windows. Microsoft said it is not aware of any affected customers or active attacks targeting the vulnerability.

Attackers could use specially crafted thumbnail images – attached in an e-mail message, hosted on a Web page or embedded in a Microsoft Office document – to exploit the vulnerability. When successfully exploited, the vulnerability allows an attacker to take complete control of a user’s machine, if that user had administrative access to the system, Microsoft said. 

As a workaround, Microsoft said users can modify the Windows access control list (ACL) for the shimgvw.dll file, though the company warned that doing so would cause any media files that use that component to be displayed incorrectly.
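The workaround above, sketched as an added PowerShell example; it is not from the article and is not Microsoft's published command sequence. It assumes the ACL change is a Deny entry for Everyone (SID S-1-1-0), that `icacls` and `takeown` are present on the host, and that the script runs elevated; the backup file name is hypothetical.

```powershell
# Added example: audit, apply or revert an ACL lockdown of shimgvw.dll.
# Assumption: the workaround is modelled as a Deny ACE for Everyone (S-1-1-0).
param(
    [ValidateSet('Audit','Apply','Revert')][string]$Mode = 'Audit',
    [string]$Dll    = (Join-Path $env:WINDIR 'System32\shimgvw.dll'),
    [string]$Backup = (Join-Path $env:TEMP 'shimgvw_acl.txt')  # hypothetical backup file
)

function Test-DenyEveryone([string]$Path) {
    # Resolve ACEs to SIDs so the check also works on localized systems.
    try   { $acl = Get-Acl -Path $Path -ErrorAction Stop }
    catch { throw "Cannot read ACL on $Path (not owner or not elevated?): $_" }
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $rx = [System.Security.AccessControl.FileSystemRights]::ReadAndExecute
    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        if ($ace.IdentityReference.Value -eq 'S-1-1-0' -and
            $ace.AccessControlType -eq 'Deny' -and
            ($ace.FileSystemRights -band $rx) -eq $rx) { return $true }
    }
    return $false
}

switch ($Mode) {
    'Audit' {
        if (Test-DenyEveryone $Dll) { "Workaround present on $Dll" }
        else { "Workaround NOT present on $Dll" }
    }
    'Apply' {
        if (Test-DenyEveryone $Dll) { "Already applied; nothing to do"; break }
        # Save the current DACL first so the change can be undone after patching.
        icacls $Dll /save $Backup | Out-Null
        if ($LASTEXITCODE -ne 0) { throw "Could not back up ACL; aborting" }
        # Where the file is owned by TrustedInstaller, an administrator must
        # take ownership before the DACL can be edited.
        takeown /f $Dll | Out-Null
        icacls $Dll /deny '*S-1-1-0:(F)' | Out-Null
        if (-not (Test-DenyEveryone $Dll)) { throw "Deny entry was not applied" }
        "Applied. Media files that use this component will not display correctly."
    }
    'Revert' {
        if (-not (Test-Path -Path $Backup)) { throw "No ACL backup at $Backup" }
        # icacls /save records names relative to the file's directory, so
        # /restore is run against that directory. Ownership is not restored.
        icacls (Split-Path $Dll) /restore $Backup | Out-Null
        if (Test-DenyEveryone $Dll) { throw "Deny entry still present" }
        "Reverted ACL from $Backup"
    }
}
```

Run it with `-Mode Audit` first; the Revert mode only works if Apply wrote the backup file on the same machine.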

Microsoft said it is researching the hole and working on a patch. However, the company said the vulnerability won’t warrant an out-of-cycle patch.

Also this week, Microsoft advised customers to apply MS10-087, a security update published in November. The company cited attacks exploiting that hole, which affects features in Microsoft Office applications that render RTF (rich text format) documents.

Discussion

  • Anonymous on

     

    Try Ubuntu, stay safe...

    Use Linux (Ubuntu)

     It's free, safe and secure.

     

  • Anonymous on

    This is hardly new to me. If it wasn't for my combination of anti-virus, anti-malware, anti-spyware, noscript, and a couple of other tools I'd have gotten hit hundreds of times by now via favicons. Just doing a simple Google search can sometimes allow infected images to run various forms of exploits across the whole spectrum of Windows computers short of DOS and similar early systems.

    Just last week I did a couple of usually "safe" simple searches and had trojans trying to come in with the website icon being the source of the infectious materials. These viruses didn't just try to come in once either; so long as I left the page up the same virus seemed to try and relaunch per second and sometimes even changed its name... I'm just waiting at this point for people to try doing it via Google.

    I mean heck, a friend got blackmailed and I (having limited technological skills at that time) slapped MacBeath (old .bat virus) with the DOS prompt bind command to a flash file's icon and sent it to the twit doing the blackmailing. He seemed to be sapped of some arrogance and motivation when his computer said it stopped some attempts to delete his mouse, keyboard, and (modified) his system DLLs. I knew it wouldn't sink his system, but it sent a good warning message as to what he was getting into. I never did see or hear anything from him ever again after that~<3 [Don't try this at home; I did research first and intended to notify the authorities if he actually kept it up. --It was strictly a flare--.]

    Bottom line: To my knowledge these kinds of image related vulnerabilities have been around for a long time, and aren't anything very difficult to use. Sure, this specific problem might be considered "new", but I saw people rig this kind of thing 10 years ago. There are similar vulnerabilities for Windows 7 even from what I can see... As far as I'm concerned, this is old news.
