Microsoft Patches Bevy of GDI Flaws
- By Stephen Swoyer
- April 03, 2007
Microsoft Corp. today released an out-of-band update
to correct a bevy of flaws in its Windows GDI implementation.
At least one of these flaws, which collectively affect all supported versions
of Windows -- including Windows Vista -- has already been linked to a known
zero day exploit. Microsoft last week confirmed
that an attacker who successfully exploits a flaw in its Windows Animated Cursor
Handling implementation can take complete control of a compromised Windows system.
Today's update patches this flaw and six others.
The complete tally includes:
The Windows Animated Cursor Handling vulnerability is the only known flaw for
which exploit code -- and actual zero day attacks -- have been substantiated.
Microsoft originally planned to patch these flaws during its scheduled April
10 update (part of its monthly Patch Tuesday update process), but instead decided
to release an out-of-band update, officials confirm.
"We have been monitoring the situation throughout and our indications, and
those of our MSRA partners, show there is a threat for attacks against this
vulnerability to increase, although we haven't seen anything widespread," wrote
Christopher Budd on Microsoft's Security Response Center (MSRC) blog. "Based
on customer feedback and our teams' ability to complete testing in an expedited
manner by working around the clock, we've gone ahead and released this update
early to help better protect customers from this threat."
Customers typically like to take their time before rolling out operating system
updates on production systems but, in this case, Budd urges admins to expedite
this process. "We are encouraging customers to test and deploy this update as
quickly as possible as well as ensure that you have the latest signatures and
updates for your security products such as anti-virus," he indicated.
Budd recommends that users also check Microsoft's
Master Knowledge Base article to determine which potential conflicts -- if
any -- could crop up once they deploy the update. He noted that there's at least
one known issue which affects Windows XP SP2 users of Realtek's HD Audio Control
Panel, for which there is a hotfix available.
Stephen Swoyer is a Nashville, TN-based freelance journalist who writes about technology.