Microsoft warns of Windows image rendering flaw

Summary: Microsoft warned of a Windows vulnerability that could allow an attacker to take control of a computer if the user is logged on with administrative rights.

Microsoft warned on Tuesday of a Windows vulnerability that could allow an attacker to take control of a computer if the user is logged on with administrative rights.

To be successful, an attacker would have to send an email with an attached Microsoft Word or PowerPoint file containing a specially crafted thumbnail image and convince the recipient to open it, Microsoft said in its advisory, which also contains information on workarounds.

An attacker also could place the malicious image file on a network share and potential victims would have to browse to the location in Windows Explorer.

For more on this story, read Microsoft warns of Windows flaw affecting image rendering on CNET News.

Topics: Windows, Microsoft, Operating Systems, Security, Software

Talkback

36 comments
  • RE: Microsoft warns of Windows image rendering flaw

    All in all, pretty unlikely scenario.
    Socratesfoot
    • RE: Microsoft warns of Windows image rendering flaw

      yeah just like all flaws highly unlikely to happen. cuz just simply clicking an image is highly unlikely to happen
      bspurloc
  • Does not affect Windows 7 or Server 2008 R2?

    Quoted from the CNET News article:

    "The vulnerability affects Windows XP Service Pack 3, XP Professional x64 Edition Service Pack 2, Server 2003 Service Pack 2, Server 2003 x64 Edition Service Pack 2, Server 2003 with SP2 for Itanium-based systems, Vista Service Pack 1 and Service Pack 2, Vista x64 Edition Service Pack 1 and Service Pack 2, Server 2008 for 32-bit, 64-bit, and Itanium-based systems and Service Pack 2 for each."

    Just making sure it was not an oversight

    Edit: Never mind, I read that Windows 7 and Server 2008 R2 are NOT affected. Just wanted to make sure if I had to warn my mother yet again not to open attachments on emails that look suspicious or from people she does not know or was not expecting.
    bobiroc
    • Well, That's Always a Good Warning

      @bobiroc
      You really shouldn't open attachments on emails that look suspicious or from people you do not know, etc. regardless of current security scares. It's better to avoid that type of thing even if you are running a more secure operating system than Windows XP and whatever other versions this applies to.
      CFWhitman
  • RE: Microsoft warns of Windows image rendering flaw

    "To be successful, an attacker would have to send an email with an attached Microsoft Word or PowerPoint file containing a specially crafted thumbnail image and convince the recipient to open it, Microsoft said in its advisory, which also contains information on workarounds."

    Might as well call this flaw already dead. Users won't open it for two reasons. One, the email would come from an unknown/untrusted sender. Two, the big warning message saying that attachments could harm your computer would scare them off into not opening it.
    Loverock Davidson
    • RE: Microsoft warns of Windows image rendering flaw

      @Loverock Davidson

      I think you severely overestimate Users. I agree that those are obvious warning signs but I cannot tell you how many people have blindly clicked on a link or opened an attachment from a random email thinking it was some sort of greeting card or funny picture or video knowing fully that the email came from somebody they did not know.
      bobiroc
      • RE: Microsoft warns of Windows image rendering flaw

        yeah cuz its again highly unlikely the email would come from hotmail.com microsoft.com etc etc etc.....
        highly unlikely as that is not even possible!!!! no way!
        best thing install 3 software firewalls they will save u!
        bspurloc
    • RE: Microsoft warns of Windows image rendering flaw

      All it takes is a spoofed email account. Not all home users are as tech savvy as Loverock Davidson. /humor
      anonymous
    • RE: Microsoft warns of Windows image rendering flaw

      @Loverock Davidson

      "Users won't open it for two reason."

      Riiiiiiiggghhht.
      BB9193
    • RE: Microsoft warns of Windows image rendering flaw

      @Loverock Davidson
      already dead. Hah. U obviously never worked a help desk.
      jjordan@...
    • RE: Microsoft warns of Windows image rendering flaw

      not that the article states it can just be an image
      bspurloc
    • RE: Microsoft warns of Windows image rendering flaw

      @Loverock Davidson

      If people didn't do stupid stuff just like this, I wouldn't be getting so many fishing emails.
      sporkfighter
    • It Shouldn't Gain Traction, But That Doesn't Mean It Won't

      @Loverock Davidson
      Well, you're right that it shouldn't gain traction, but that doesn't mean that it won't. Having users act rationally all the time would probably cut out at least 75% of current Windows malware.
      CFWhitman
    • RE: Microsoft warns of Windows image rendering flaw

      @Loverock Davidson

      Yes it works every time.

      It works the same way with compiled binaries in GNU/Linux also.
      iiiears@...
  • This one doesn't count

    It requires manual interaction. Therefore, according to the rules as laid out by the ABMers, this one doesn't count.

    Cue the double standards...
    NonZealot
    • RE: Microsoft warns of Windows image rendering flaw

      @NonZealot
      No double standards intended, it is you I find so funny as most of the time you even defend the indefensible. They all have flaws, just none as great as your hyper-inflated ego and fanboy preferences
      partman1969@...
    • You Jumped the Gun

      @NonZealot
      Nobody had made a comment about Windows' lack of security when you posted this. You should have held off a bit longer and replied to one of them.

      This actually is a security flaw, but considering the phishing that is involved in exploiting it, it's a relatively minor one. Also it doesn't even exist, apparently, in Windows 7.

      I'm certainly no fan of Windows, but this isn't that big of a deal. I'm sure a fix will be forthcoming.
      CFWhitman
  • RE: Microsoft warns of Windows image rendering flaw

    So if Windows users use common sense then this is a non-issue.
    athynz
    • RE: Microsoft warns of Windows image rendering flaw

      @athynz
      if windows users had any common sense, they wouldn't be using windows. the average windows user has an IT IQ somewhat on a par with a brick. They will click on anything, click through any warning message and then bitch and moan when their computer is broken. These people are in all likelihood reasonably intelligent in other areas of their lives, they think a windows computer is a toaster. although computers should be as simple to operate as toasters, we're decades from that.
      WhatsamattaU
      • RE: Microsoft warns of Windows image rendering flaw

        @haydens0
        With that logic, I guess 90.29% of all users in the world have no common sense, and 9.71% of the world are the only ones with common sense...
        mikroland