A new Windows exploit could open up systems to malware and the theft of information, due to a flaw in the Windows Graphics Rendering Engine.
The vulnerability was first discussed in the middle of December, and an open source toolkit to exploit it has just been released. It affects Windows XP, Vista, Server 2003 and Server 2008, but not Windows 7 or Server 2008 R2.
Attackers can create Office documents and images that contain the exploit, and when users open or even just preview these documents, the attack could be triggered. "This is a remote code execution vulnerability. An attacker who successfully exploited this vulnerability could take complete control of an affected system," Microsoft said in a security advisory.
A patch is in the works. Until it ships, the only workaround is to disable the Windows Graphics Rendering Engine's handling of certain files, which could leave those files unplayable or unviewable.