When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.

Attacks begin against critical Patch Tuesday bug

Only Windows XP SP3 -- that's right, SP3 -- is safe. Hackers are trying to exploit a critical Windows vulnerability just patched on Tuesday, security researchers said this afternoon -- and the only version of Windows not at risk is the unfinished Windows XP Service Pack 3 (SP3). Fortunately, attackers' incompetence means that these initial sorties have been unsuccessful, Symantec Corp. said in a brief warning to customers of its DeepSight threat service. "The DeepSight honeynet has observed in-the-wild exploit attempts targeting a GDI vulnerability patched by Microsoft on April 8, 2008," said Symantec in its alert.

On Tuesday, Microsoft Corp. patched two bugs, both pegged as "critical," in Windows' GDI, or graphics device interface, one of the core components of the operating system. According to Microsoft, every current version of Windows, including the very newest, Vista SP1 and Server 2008, is open to attack. The vulnerabilities can be triggered by malformed WMF (Windows Metafile) or EMF (Enhanced Metafile) image files, Microsoft noted in its accompanying advisory.

News Source: Computer World

Report a problem with article
Next Article

Microsoft Exec: UAC Designed To 'Annoy Users'

Previous Article

Microsoft fastest to issue OS patches, Sun Slowest

Join the conversation!

Login or Sign Up to read and post a comment.

21 Comments - Add comment