Microsoft fixes Windows graphics bugs
Microsoft has released two critical fixes affecting its core graphics subsystem, as part of its regular patch Tuesday update.
Patch MS08-02 fixes two vulnerabilities in the Windows’ graphics device interface, which could allow a hacker to take over someone’s computer if a user opens a document or link containing infected common image files, according to Microsoft.
Security vendor Symantec claims that the vulnerability could be “the worst of the bunch”.
“The components are installed on multiple flavours of Windows and are relatively easy to exploit. Customers are advised to follow security best practices, specifically avoiding websites of unknown and questionable integrity and refusing to accept or open files from unknown sources,” says the Symantec Security Response weblog.
This is not the first time Microsoft has been forced to address this flaw, after hackers successfully worked around the two previous fixes issued since January 2006.
Of the five critical patches, two address Windows flaws, while two fix bugs in Windows and Internet Explorer. The other fixes a Microsoft Office vulnerability that can be exploited if a user opens Office Project files.
MS08-022 patches a known vulnerability in the Windows VBScript and JScript scripting engines, which could allow a hacker to gain control of a compromised system.