Microsoft patches Windows graphics bugs
By Miya Knights,
Security experts are urging IT administrators to patch systems affected by a two critical vulnerabilities affecting the core graphics subsystem of Windows revealed by Microsoft late yesterday.
Microsoft released the patch, which was of five given its highest, 'critical' rating and eight fixes in total, as part of its monthly, 'Patch Tuesday' security bulletin.
MS08-02 fixes two vulnerabilities in Windows' graphics device interface (GDI), one of three core Windows subsystems, that the software vendor said could allow a hacker to take over someone's computer if a user opens a document or link containing infected common image files, according to Microsoft.
And, as it had warned in its pre-patch security bulletin last week, the GDI flaw occurs in all versions of Windows, from Windows 2000 to the latest Windows Server 2008 release and Vista running its first service pack (SP1) released just over two weeks ago.
Security vendor Symantec blogged that, along with another expected VBScript/JScript patch, the GDI vulnerability could be "the worst of the bunch".
"The components are installed on multiple flavours of Windows and are relatively easy to exploit. Customers are advised to follow security best practices, specifically avoiding websites of unknown and questionable integrity and refusing to accept or open files from unknown sources," the Symantec Security Response weblog
said.
And this is not the first time Microsoft has tried to address this GDI issue after hackers have developed variants to get around two other fixes issued since January 2006.
Out of the five critical patches, two of them address Windows flaws, while two fix bugs in Windows and Internet Explorer (IE). The other fixes a Microsoft Office vulnerability that can be exploited if a user opens Office Project files.
And, as highlighted by Symantec, MS08-022 patches a known vulnerability in Windows VBScript and JScript scripting engines that, like all the critical vulnerabilities, could potentially allow a hacker to gain control of a compromised system.
The last three 'important' patches address Windows kernel usermode callback local privilege escalation and domain name system (DNS) client service response spoofing vulnerabilities, as well as a remote code execution vulnerability in Office business and technical drawing application, Visio.
advertisement
Latest Management Features
NHS IT - something to celebrate?
To mark the 60th anniversary of the NHS, IT PRO examines the massive IT overhaul at the health services giant.
- HD video conferencing: As good as being there?
- Virtual clients can solve real management trouble
- Sisters are doing IT for themselves
- Working 9-5: Not a way to make a living?
- Managing the public face: Why perception is king in IT
- Creating a mobile data management policy
- Europe's not finished with Microsoft
- When start-ups go public
- Managing IT with a mobile phone
Latest Management Reviews
Canon ImageFORMULA DR-X10C
Rating: 
advertisement
Latest News Videos in Management
Video: Q&A with Richard Archdeacon, Symantec
PlayIT PRO speaks to Richard Archdeacon, director, global services, at the information security software vendor Symantec.
White papers
Want more background on today's hottest IT trends?
Visit IT PRO's white paper library for more on virtualisation, encryption and other topics.
Register for IT PRO
You'll get exclusive member benefits including free white papers, downloads, Webinars and weekly newsletters full of the latest IT PRO news, reviews, insight and expertise.
Social Bookmark this article: What is this?