Fully patched systems running Windows XP and Windows Server 2003 are open to attack from malicious hackers, various security firms warned last week. And what’s the Windows vulnerability this time? A newly discovered flaw in the way those two Windows versions handle .WMF (Windows Metafile) graphic files.
Security firms describe the exploit as “zero day,” because malicious hackers are taking advantage of it while there is no patch or workaround against the vulnerability. They warned last week that machines can be attacked if users visit hostile Web sites hosting exploits; open a malicious .WMF file in Windows Picture and Fax Viewer; or preview a malicious .WMF file in Windows Explorer.
The number of attacks could increase dramatically if malicious hackers find more automated ways to target systems, such as using e-mail, IM, or file sharing, said Ken Dunham, director of the rapid response team at VeriSign’s iDefense.
Attacks so far have been limited to installation of adware and spyware on compromised machines, but “you’re probably going to see Trojans and more sinister code develop and emerge in the next few days,” Dunham said.