[an error occurred while processing this directive]
BBC News
watch One-Minute World News
Last Updated: Thursday, 29 December 2005, 11:07 GMT
Sites exploit Windows image flaw
Hand on computer mouse
Users advised not to click on links in e-mails from unknown sources
Computer users are being alerted to a new flaw in Microsoft Windows which can be used to attack a PC.

The US net watchdog, the Computer Emergency Response Center (Cert), and security firms have issued warnings about certain types of image files called Windows Metafiles.

Experts said numerous websites were taking advantage of the flaw to sneak into computers and install spyware.

Microsoft has said it is looking into the issue.

Spam bots

The flaw centres on the way Microsoft's operating system handles Windows Metafiles (.wmf). These are image files that can contain both vector and bitmap-based picture information.

Microsoft encourages users to exercise caution when they open e-mail and links in e-mail from untrusted sources
Microsoft security advisory
The hole means that an attacker can hide malicious code on a webpage or an e-mail containing files with the wmf extension.

"Exploit code has been publicly posted and used to successfully attack fully-patched Windows XP SP2 systems," said Cert. "However, other versions of the Windows operating system may be at risk as well."

Security firm Websense said it had discovered numerous websites that were using the flaw to infect a PC with spyware.

It said the spyware tried to trick people into handing over their credit card details as well as installing software to send thousands of spam e-mails.

The appearance of the exploit on websites has led security firms to raise the level of alert, with Secunia describing the hole as extremely critical.

Experts say there is no patch available for the flaw, which affects computers running Windows XP, ME, 2000 and Windows Microsoft Windows Server 2003.

"Microsoft is investigating new public reports of a possible vulnerability in Windows," said a security advisory on its website.

"Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers.

"Microsoft encourages users to exercise caution when they open e-mail and links in e-mail from untrusted sources."

It has also provided details of a temporary way around the flaw which involves switching off the Windows Picture and Fax Viewer in Windows XP.


SEE ALSO:
Criminals target viruses for cash
28 Dec 05 |  Technology
Virus creators target their work
15 Nov 05 |  Technology
UK in grip of hi-tech crime wave
17 Jun 05 |  Business
Microsoft warns of latest flaws
09 Nov 05 |  Technology
Viruses use Sony anti-piracy CDs
11 Nov 05 |  Technology
Net users told to get safe online
27 Oct 05 |  Technology


RELATED BBC LINKS:

RELATED INTERNET LINKS:
The BBC is not responsible for the content of external internet sites


PRODUCTS AND SERVICES

Americas Africa Europe Middle East South Asia Asia Pacific