WMF (Windows Meta File) FLAW A New Type Of Bug

Just days after Microsoft rushed out a patch to fix a critical Windows flaw related to the processing of Windows Meta File images, two more problems with the component were flagged. The newly disclosed issues could be a conduit for denial-of-service attacks, according to a description sent to the Bugtraq mailing list on Monday. A core function of the Windows operating system, explorer.exe, will crash a vulnerable Windows PC if a user views a specially crafted WMF image, according to the description. Explorer runs the Windows user interface, including the Start menu, taskbar, desktop and file manager. Microsoft is aware of the problems, a representative for the software maker said in an e-mailed statement. The company had identified these issues before the report and is evaluating fixes for inclusion in the next service pack for the affected products, the representative said. "Microsoft's initial investigation has found that these are not security vulnerabilities but rather performance issues that could cause an application to stop responding," the representative said. Microsoft disputes that the flaws can cause Windows to stop responding, but said they may affect an application used to view a WMF image. Such applications include the Windows Picture and Fax Viewer. "(The issues) may cause the WMF application to crash, in which case the user may restart the application and resume activity," the software maker said. The issues do not allow an attacker to commandeer a Windows system, Microsoft noted. Word of the new problems comes just days after Microsoft rushed out a critical update for a vulnerability related to the rendering of WMF files. Cybercriminals were taking advantage of that flaw to attack Windows computers via malicious Web sites, Trojan horses and instant-messaging worms. More HERE Microsoft plans to scour its code to look for flaws similar to a recent serious Windows bug and to update its development practices to prevent similar problems in future products. The critical flaw, in the way Windows Meta File images are handled, is different than any security vulnerability the software maker has dealt with in the past, Kevin Kean and Debby Fry Wilson, directors in Microsoft's Security Response Center, said in an interview with CNET News.com. Typical flaws are unforeseen gaps in programs that hackers can take advantage of and run code. By contrast, the WMF problem lies in a software feature being used in an unintended way. In response to the new threat, the software company is pledging to take a look at its programs, old and new, to avoid similar side effects. "Now that we are aware that this attack vector is a possibility, customers can be certain that we will be scrubbing the code to look for any other points of vulnerability based on this kind of attack," Fry Wilson said. Microsoft has been working for years to improve its security posture, beginning with its Trustworthy Computing Initiative, launched in early 2002. The WMF problem is not a good advertisement for Microsoft's security efforts, one analyst said, as the legacy issue seemingly went undetected. "This should have been caught and eliminated years ago," Gartner analyst Neil MacDonald said. "They overlooked image format files, and that is where this WMF issue came in." Microsoft now faces a race with cybercriminals, who are likely on the prowl for the same bugs as well, experts said. The software maker is in a constant battle with miscreants who seek to attack computer users.