
Gartner warns on WMF problem
By Steve Ranger
Published: 4 January 2006 16:00 GMT
Analyst Gartner is warning that a flaw in Windows Meta File (WMF) code in Windows could be a risk to "many" enterprise IT systems, and not just those that directly use the affected process.
Security companies are already warning that the flaw in the Microsoft image-rendering process has spawned dozens of attacks since its discovery last week.
Gartner warned in a research note: "This critical vulnerability could damage many enterprise systems, not just those that directly use the affected process."
The analyst group added: "Mitigating this vulnerability will be difficult", because it is within a Dynamic Link Library file used by an unknown number of applications.
Gartner is recommending companies block WMFs in email attachments and web downloads for "immediate, partial protection until a patch can be deployed".
The note, written by analysts Amrit Williams, Jay Heiser and Neil MacDonald, said URL filtering products should be activated and inline network intrusion prevention systems, antivirus and anti-spyware tools should be updated with the latest signature updates.
Microsoft aims to release a security update to address the vulnerability on 10 January, as part of its monthly release of security bulletins.
A third-party patch is available but Gartner recommends against the use of this unsupported patch, particularly by large enterprises, "because the patch would require extensive testing and eventual de-installation and could introduce additional risk".
URGENT - PEN TESTER - WEB APPS (HOMEBASED / REMOTE) to start THIS MONDAY; Dureation 1 WEEK + EXTENSION (Cica 20 days) for an urgent security pen ...
Title: Web Applications Vulnerability Tester / Penetration Tester Salary: market rates but probably 40k to 60k Company: online / ecommerce company ...
Learn to implement simple bits of JavaScript, HTML and Flash components from our File Library. Understands how to implement bits of JavaScript, HTML ...
Agenda Setters 2009
Welcome to the ninth annual Agenda Setters poll – silicon.com's list of the top 50 most influential individuals in the technology and IT industries, from techies and CIOs to entrepreneurs and business leaders. Find out more in our latest special report.
Stories from the web...
Copyright © 2008 CBS Interactive Limited. All rights reserved. Top of page
Clive Longbottom Windows 7: Not perfect - but ready for prime time Microsoft's latest OS fixes most of Vista's ills - but still has challenges ahead
Stephen Kleynhans Mind the details with Windows 7 Just because it might work better than Vista, it doesn't mean you can be sloppy