You are here: silicon.com > Software > Operating Systems

Operating Systems

Windows flaw could hit enterprise systems

Gartner warns on WMF problem

Tags: microsoft windows

By Steve Ranger

Published: 4 January 2006 16:00 GMT

Analyst Gartner is warning that a flaw in Windows Meta File (WMF) code in Windows could be a risk to "many" enterprise IT systems, and not just those that directly use the affected process.

Security companies are already warning that the flaw in the Microsoft image-rendering process has spawned dozens of attacks since its discovery last week.

This critical vulnerability could damage many enterprise systems, not just those that directly use the affected process.

Gartner warned in a research note: "This critical vulnerability could damage many enterprise systems, not just those that directly use the affected process."

The analyst group added: "Mitigating this vulnerability will be difficult", because it is within a Dynamic Link Library file used by an unknown number of applications.

Gartner is recommending companies block WMFs in email attachments and web downloads for "immediate, partial protection until a patch can be deployed".

The note, written by analysts Amrit Williams, Jay Heiser and Neil MacDonald, said URL filtering products should be activated and inline network intrusion prevention systems, antivirus and anti-spyware tools should be updated with the latest signature updates.

Microsoft aims to release a security update to address the vulnerability on 10 January, as part of its monthly release of security bulletins.

A third-party patch is available but Gartner recommends against the use of this unsupported patch, particularly by large enterprises, "because the patch would require extensive testing and eventual de-installation and could introduce additional risk".

  1. Zones
  2. Management
  3. Networks
  4. Software
  5. IT Services
  6. Hardware
  1. Verticals
  2. Public Sector
  3. Financial Services
  4. Retail & Leisure

for IT White Papers Newsletter


  • Jobs
3 rd line Wintel Support Engineer - Central London

Your responsibilities will include; Proactive Server Maintenance through monitoring and patch management and deployment Installation, configuration ...

Systems Integration Engineer

DCA is dedicated team for Patch installation management, HealthChecks, Vulnerability scans, Antivirus administration and Service Activation and ...

Technical Analyst - SMS, SCCM, WSUS - Patch & Release

The role will involve the assessment of vulnerabilities, patch testing and application deployment via remote systems such as SMS/SCCM, WSUS and ...

Agenda Setters 2009
Welcome to the ninth annual Agenda Setters poll – silicon.com's list of the top 50 most influential individuals in the technology and IT industries, from techies and CIOs to entrepreneurs and business leaders. Find out more in our latest special report.





Quick Sitemap Links: