Microsoft Fixes Vulnerability in Graphics Interface

Home

Graphics Tools

Microsoft Fixes Vulnerability in Graphics Interface
By Brian Prince
2009-03-11

Article Rating:

/ 0

Rate This Article:

Add This Article To:

Digg this

Del.icio.us

Slashdot

Y! My Web

E-mail

Furl

Google

Simpy

Spurl!

PDF Version

Microsoft has released security bulletins covering vulnerabilities in Windows for Patch Tuesday. One of the bulletins, rated critical, fixes an input validation situation related to GDI that could be exploited to run arbitrary code.

Microsoft released three security bulletins March 10 for Patch Tuesday, including a patch for a critical vulnerability in the Windows kernel affecting the graphics device interface.

According to Microsoft, the Windows kernel does not properly validate input passed from user mode through the kernel component of GDI. The vulnerability could allow hackers to run arbitrary code, and can be exploited by hackers via a malicious EMF or WMF image file.

"This vulnerability provides numerous attack vectors—it can be hosted on a Web page, sent in an e-mail or even exploited locally," said IBM X-Force Threat Response Manager Holly Stewart. "Even though the use of malicious images has been in practice for some time, many end users still do not consider images, documents and other seemingly 'friendly' file formats to be malicious."

	Discuss Microsoft Fixes Vulnerability in Graphics Interface

	>>> Be the FIRST to comment on this article!



	>>> More Graphics Tools Articles >>> More By Brian Prince

Email Article To Friend ♦ Print Version Of Article ♦ PDF Version Of Article

Buyer's Guide

	Explore hundreds of products in our Publish.com Buyer's Guide.

	Web design Content management Graphics Software Streaming Media	Video Digital photography Stock photography Web development

View all >

FREE ZIFF DAVIS ENTERPRISE ESEMINARS AT ESEMINARSLIVE.COM

Dec 10, 4 p.m. ET
Eliminate the Drawbacks of Traditional Backup/Replication for Linux with Michael Krieger. Sponsored by InMage

Dec 11, 1 p.m. ET
Data Modeling and Metadata Management with PowerDesigner with Joel Shore. Sponsored by Sybase

Dec 12, 12 p.m. ET
Closing the IT Business Gap: Monitoring the End-User Experience with Michael Krieger. Sponsored by Compuware

Dec 12, 2 p.m. ET
Enabling IT Consolidation with Michael Krieger. Sponsored by Riverbed & VMWare

Join us on Dec. 19 for Discovering Value in Stored Data & Reducing Business Risk. Join this interactive day-long event to learn how your enterprise can cost-effectively manage stored data while keeping it secure, compliant and accessible. Disorganized storage can prevent your enterprise from extracting the maximum value from information assets. Learn how to organize enterprise data so vital information assets can help your business thrive. Explore policies, strategies and tactics from creation through deletion. Attend live or on-demand with complimentary registration!

Register Today!

FEATURED CONTENT

IT LINK DISCUSSION - MIGRATION
A Windows Vista® migration introduces new and unique challenges to any IT organization. It's important to understand early on whether your systems, hardware, applications and end users are ready for the transition.
Join the discussion today!

.NAME Charging For Whois
Whois has always been a free service, but the .NAME registry is trying to change that.
Read More >>

Sponsored by Ziff Davis Enterprise Group

NEW FROM ZIFF DAVIS ENTERPRISE

Delivering the latest technology news & reviews straight to your handheld device

Now you can get the latest technology news & reviews from the trusted editors of eWEEK.com on your handheld device
mobile.eWEEK.com

RSS 2.0 Feed

Publish.com

Google Watch

Google GPay Patent Whets the Wireless Thirst

Google Drops Curtain on Home Decor Trademark Suit

Google News Goes Straight to the Source

Video Interviews

Designing Apps for Usability
DevSource interviews usability pundit Dr. Jakob Nielsen on everything from the proper attitude for programmers to the importance of prototyping in design to the reasons why PDF, Flash and local search engines can hurt more than they help.

BUYER'S GUIDES

• Content management

• Digital photography

• Graphics Software

• Stock photography

• Streaming Media

• Video

• Web development

• Web design

View all >

	Publish: Contact Us \| Advertise \| Site Map

	Ziff Davis Enterprise Home \| Contact Us \| Advertise \| Link to Us \| Reprints \| Magazine Subscriptions \| Newsletters Tech RSS Feeds \| White Papers \| ROI Calculators \| Tech Podcasts \| Tech Video \| VARs \| System Builder
	Baseline \| Careers \| Channel Insider \| CIO Insight \| DesktopLinux \| DeviceForge \| DevSource \| eSeminars \| eWEEK \| Enterprise Network Security \| LinuxDevices \| Linux Watch \| Microsoft Watch \| Mid-market \| Networking \| PDF Zone \| Publish \| Security IT Hub \| Strategic Partner \| TechDirect \| Web Buyer's Guide \| Windows for Devices
	Developer Shed \| Dev Shed \| ASP Free \| Dev Articles \| Dev Hardware \| SEO Chat \| Tutorialized \| Scripts \| Code Walkers \| Web Hosters \| Dev Mechanic \| Dev Archives \| igrep Use of this site is governed by our Terms of Use and Privacy Policy
	Copyright ©1996-2013 Ziff Davis Enterprise Holdings Inc. All Rights Reserved. Publish is a trademark of Ziff Davis Enterprise, Inc. Reproduction in whole or in part in any form or medium without express written permission of Ziff Davis Enterprise Inc. is prohibited.