Date: January 6, 2006
Subject: Windows and the WMF Exploit

On December 27, 2005, a flaw was discovered in the WMF (Windows Meta File) image format that affected all versions of Microsoft Windows. The nature of this flaw is such that simply viewing a specially crafted WMF image could yield complete control of the computer system to remote attackers. It would not matter whether the image was viewed via email, over the internet, through an Instant Messenger application such as MSN Messenger or through an image viewer.

At the time of its discovery, no workaround had been released or sanctioned by Microsoft (though a patch is now available from Microsoft; see below for details).

As the processing of WMF format images is integrated within the Windows operating system, no protection from this flaw could be easily implemented by computer users. But since the WMF format is obsolete and not in common use, malicious WMF images would generally be found only on websites or in emails specifically designed to make use of this flaw. The risk, however, remains considerable as there is no method within Windows of easily preventing WMF images from being viewed.

As of Thursday, January 5, 2006, Microsoft had released a patch to secure affected operating systems from the WMF flaw. Microsoft views this patch as a critical update and recommends its immediate installation. Users of current versions of Microsoft Windows can install the patch (and any other security updates) by visiting the Windows Update website:
http://update.microsoft.com

Those of our readers who are more technically inclined and would like to read more on this issue can refer to Microsoft's Security Bulletin MS06-001, which gives further details of the flaw and how to protect against it:
http://www.microsoft.com/technet/security/bulletin/ms06-001.mspx

ELM Computer Systems strongly recommends that all users of Microsoft Windows install the WMF exploit patch as soon as possible.