Exploits for fixed Windows Image rendering bug out

Exploits for fixed Windows Image rendering bug out

Microsoft released just one patch this month on the second Tuesday. This patch was to fix an image-rendering flaw. However, exploits making use of this vulnerability in the Windows Operating System have appeared in the market. Anti-virus vendor Trend Micro Inc. has reported that they have seen a Trojan in the wild attacking Windows users making use of this flaw.

The security company has named this bug TROJ_EMFSPLOIT.A and it crashes the Explorer.exe process. This leads to the taskbar disappearing from the screen. The company describes this Trojan as a “proof-of-concept Trojan” that exploits the Graphics Rendering Engine vulnerability. Microsoft had labeled this flaw as critical and warned the users that the flaw can lead to a malicious hacker take “complete control” of unpatched Windows 2000, Windows XP (including SP2), and Windows Server 2003.

The Trojan discovered in the wild however is a low threat one as it only causes a denial-of-service condition. The patch released on this Tuesday addresses three separate image-rendering flaws in the Windows operating system. The image flaw is quite a serious one considering user can get infected by just loading an image in the browser or email client.

Microsoft said in a statement: “Any program that renders WMF or EMF images on the affected systems could be vulnerable to this attack. An attacker who successfully exploited this vulnerability could take complete control of an affected system.”