News Section Logo NEWS - Return to news section

 

New Windows 'Thumbnail Image' Security Flaw Found

Posted by: , 11:47 AEDT, Wed January 5, 2011
Tags: Computing

Permanent Link     Add Comments
Microsoft warns of a new security threat for older Windows versions in relation to folder thumbnail previews, but is not issuing a fix just yet

A new Windows exploit could open up systems to malware and the theft of information, due to a flaw in the Windows Graphics Rendering Engine.

The vulnerability, first discussed in the middle of December, and for which an open source toolkit to exploit the flaw has just been released, occurs in Windows XP, Vista, Server 2003 and Server 2008. It does not affect Windows 7 and Server 2008 R2.

Attackers can create Office documents and images that contain the exploit, and when users open or even just preview these documents, the attack could be triggered. "This is a remote code execution vulnerability. An attacker who successfully exploited this vulnerability could take complete control of an affected system," Microsoft said in a security advisory.

While a patch is in the works, the only current workaround involves disabling the handling of certain files by the Windows Graphics Rendering Engine, but this could cause said files to be unplayable or unviewable.


Comments:

Related News:

News Icon ImgBurn Updates to Version 2.5.4.0

posted by: Jonathan M, 12:56 AEDT, Wed December 8, 2010

News Icon TMPGEnc Authoring Works Updates to Version 4.0.9.37

posted by: Jonathan M, 09:05 AEDT, Fri March 5, 2010

News Icon Microsoft Debuts Windows Mobile 7

posted by: Jonathan M, 07:12 AEDT, Tue February 16, 2010

News Icon ConvertXtoDVD Updates to Version 4.1.9.347

posted by: Jonathan M, 13:00 AEDT, Wed December 15, 2010

News Icon Media Player Classic Updates to Version 6.4.9.1 (20100214)

posted by: Jonathan M, 12:56 AEDT, Tue February 16, 2010