The publicly disclosed vulnerability resides in the Windows Graphics Rendering Engine and could be exploited by cybercriminals to run arbitrary code on a victim's PC. The code would run in the security context of the logged-in user, so it would be less threatening under a limited account than under one with full administrative rights.
The flaw does not affect Microsoft's latest major operating systems, Windows 7 or Windows Server 2008 R2, but does affect the following installations:
- Windows XP Service Pack 3
- Windows XP Professional x64 Edition Service Pack 2
- Windows Server 2003 Service Pack 2
- Windows Server 2003 x64 Edition Service Pack 2
- Windows Server 2003 with SP2 for Itanium-based Systems
- Windows Vista Service Pack 1 and Windows Vista Service Pack 2
- Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2
- Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2**
- Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2**
- Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2

**Server Core installation not affected
Microsoft is working with its partners through the Microsoft Active Protections Program (MAPP) to keep an eye on the threat. MAPP's 70 partners include providers of anti-virus and anti-malware products that provide protection for an estimated one billion customers worldwide. So far, Microsoft is not aware of any attacks that try to use the reported vulnerability, but it is monitoring for them and will take action against any malicious sites that attempt to exploit it.
To exploit the vulnerability, an attacker has to convince the victim to visit a specially crafted Web page, or to open an attachment in an e-mail containing a crafted Office document or something similar. Microsoft is currently working on a security update to address the issue in the affected software.
The advisory details a workaround that can be used in the meantime by any concerned users. It involves modifying the Access Control List on shimgvw.dll to be more restrictive, which can cause media files displayed by the Graphics Rendering Engine to display incorrectly. Information on how to perform the workaround (and reverse it later) can be found on the Microsoft Security Advisory (2490606) page.
Written by: James Delahunty @ 5 Jan 2011 8:46