Gartner warns on WMF problem
By Steve Ranger
Published: 4 January 2006 16:00 GMT
Analyst Gartner is warning that a flaw in Windows Meta File (WMF) code in Windows could be a risk to "many" enterprise IT systems, and not just those that directly use the affected process.
Security companies are already warning that the flaw in the Microsoft image-rendering process has spawned dozens of attacks since its discovery last week.
Gartner warned in a research note: "This critical vulnerability could damage many enterprise systems, not just those that directly use the affected process."
The analyst group added: "Mitigating this vulnerability will be difficult", because it is within a Dynamic Link Library file used by an unknown number of applications.
Gartner is recommending companies block WMFs in email attachments and web downloads for "immediate, partial protection until a patch can be deployed".
The note, written by analysts Amrit Williams, Jay Heiser and Neil MacDonald, said URL filtering products should be activated and inline network intrusion prevention systems, antivirus and anti-spyware tools should be updated with the latest signature updates.
Microsoft aims to release a security update to address the vulnerability on 10 January, as part of its monthly release of security bulletins.
A third-party patch is available but Gartner recommends against the use of this unsupported patch, particularly by large enterprises, "because the patch would require extensive testing and eventual de-installation and could introduce additional risk".
Your responsibilities will include; Proactive Server Maintenance through monitoring and patch management and deployment Installation, configuration ...
DCA is dedicated team for Patch installation management, HealthChecks, Vulnerability scans, Antivirus administration and Service Activation and ...
The role will involve the assessment of vulnerabilities, patch testing and application deployment via remote systems such as SMS/SCCM, WSUS and ...
Agenda Setters 2009
Welcome to the ninth annual Agenda Setters poll – silicon.com's list of the top 50 most influential individuals in the technology and IT industries, from techies and CIOs to entrepreneurs and business leaders. Find out more in our latest special report.
Stories from the web...
Copyright © 2008 CBS Interactive Limited. All rights reserved. Top of page
Digg
Slashdot
Del.icio.us
Stumble
Reddit
RSS Feeds
Jon Collins Is losing a mobile device really such a big deal? How to minimise the damage to your business
Tim Ferguson Exclusive: Former MySQL boss Marten Mickos talks open source Why Microsoft could become one of the "biggest friends of open source" and why Oracle getting its hands on MySQL could be "one of the biggest open source coups ever"...