Only Windows XP SP3 -- that's right, SP3 -- is safe. Hackers are trying to exploit a critical Windows vulnerability just patched on Tuesday, security researchers said this afternoon -- and the only version of Windows not at risk is the unfinished Windows XP Service Pack 3 (SP3). Fortunately, attackers' incompetence means that these initial sorties have been unsuccessful, Symantec Corp. said in a brief warning to customers of its DeepSight threat service. "The DeepSight honeynet has observed in-the-wild exploit attempts targeting a GDI vulnerability patched by Microsoft on April 8, 2008," said Symantec in its alert.
On Tuesday, Microsoft Corp. patched two bugs, both pegged as "critical," in Windows' GDI, or graphics device interface, one of the core components of the operating system. According to Microsoft, every current version of Windows, including the very newest, Vista SP1 and Server 2008, is open to attack. The vulnerabilities can be triggered by malformed WMF (Windows Metafile) or EMF (Enhanced Metafile) image files, Microsoft noted in its accompanying advisory.
News Source: Computer World