These issues affect the ‘ExtCreateRegion’ and ‘ExtEscape’ functions.
This must have something to do with the recent CERT reports
on how Microsoft Windows was less vulnerable that Linux/Unix. The world’s most widely used OS was recently certified by CERT as having lesser vulnerabilities than Linux.
Experts and Linux-lovers from around the world engaged in hot debates on the topic with opinions ranging from how results were rigged to miscategorisation claims (this one by RedHat) to crying unfair.
And now, barely five days after the report was published, two more flaws in the same engine are discovered. Seems like someone was waiting to do it… Well, they do say, revenge is a dish best served cold…
As for the exploit-fears, the solution and advice is the same:
- Do not open images from untrusted sources
- Keep your mail image setting to high security, i.e. edit your mail options to “Do not display HTML Graphics.” Follow this, especially if you are using a web-based email client.
- Keep your system updated with the latest patches from Microsoft.
- Keep an eye out for updates from this site. His name is Ilfak Guilanov and he is one of the good guys.
- Get generic WMF vulnerability news.
http://news.google.com/news?q=WMF+vulnerability
Seriously though, on a positive note, the more vulnerabilities are found, the better it will be. The optimist says, we are on a way to a better and secure system. This, as long as, the competition remains healthy. Once it disintegrates into a bloodbath, well….
Of course, Redmond must act fast, something it has been known not to do. Billy boy, are ya listenin’?
(via PCMAG: New Batch of WMF Flaws Flagged )
Technorati Tags: WMF, vulnerability, exploit, security, ShrikantJoshi, CorporateSpices
(Not to be taken seriously)
Entries (RSS)