Microsoft Windows security bug remains a nuisance

Microsoft recently released a Windows security advisory related to new exploit security code that targets the Windows Graphics Rendering Engine using arbitrary code. The security bug was demonstrated in Korea last month, but the code wasn't publicly released at the time.

Attackers are able to use infected Microsoft Word and PowerPoint files to trick users into navigating to a compromised location using Internet Explorer. Once the hijacked .WMF image has been installed, attackers have full admin rights (if the user logged in is an admin), so there are major security threats still available.

ADVERTISEMENT

The new Microsoft Security Advisory 2490606 is for older versions of Windows software, including Vista and XP. There is currently no reported threat to Windows Server 2008 R2 or Windows 7, although users are recommended to pay attention to security updates. Specifically, victims must visit a hijacked page or download a compromised file, with administrators facing the largest security threat.

In total, 10 different Microsoft operating systems are at risk, but security officials said they are unaware if there have been confirmed direct attacks using the exploit. A security update is now in development, but users looking to learn more information can visit the official Microsoft Security Advisory website.

ADVERTISEMENT

Windows security issues remain a constant problem for Microsoft, though the company has learned to be more responsive to major vulnerabilities. The software company is now working with Microsoft Active Protections Program partners to find a long-term solution -- and to try and prevent a similar incident from occurring in the future.

No posts to display