[an error occurred while processing this directive]
BBC News
watch One-Minute World News
Last Updated: Wednesday, 4 January 2006, 13:43 GMT
Windows bug awaits Microsoft fix
Windows XP on billboard, AFP
The Meta File bug is suffered by several Windows versions
Users may have to wait another week for Microsoft to finish fixing a serious bug in the Windows operating system.

Discovered on 27 December, the bug helps hijack PCs if users visit booby-trapped websites or open e-mail attachments loaded with exploit code.

Microsoft said it hoped to have its fix for the bug available by 10 January.

However, malicious hackers have already exploited the bug and others are likely to follow as tools appear to help them craft even more attacks.

Tool time

Although malicious hackers will have had at least two weeks to exploit the so-called Windows Meta File (WMF) bug, Microsoft played down the seriousness of the security problem.

In a statement it said it had been "monitoring" attempts to exploit the bug.

"Although the issue is serious and the attacks are being attempted, Microsoft's intelligence sources indicate that the scope of the attacks is limited," the software giant said.

But security researchers continued to release warnings about the severity of the problem.

"This one is particularly nasty because is allows people to take control of your computer from over the internet," said Rob Helm, research director at US analysts Directions on Microsoft.

The problem is caused by the way that many versions of Windows treat graphics. A properly crafted file can exploit shortcomings in this system to take over a PC.

Vulnerable versions of Windows include ME, 2000, XP and Server 2003.

So far security companies have found many different exploits for the bug. Some attackers are using e-mail to spread infected attachments but many thousands of websites have been created which use the loophole to install spyware and trojans that take control of a computer.

At the same time a toolkit began circulating that helped malicious hackers craft variants of attacks that exploit the WMF vulnerability.

Users were urged to install an unofficial patch for the WMF bug produced by expert Windows programmer Ilfak Guilfanov.

Anti-virus firms also urged Windows users to keep digital defences up to date to avoid falling victim to the bug. Microsoft said users should avoid visiting unfamiliar websites to avoid infection.


SEE ALSO:
Sites exploit Windows image flaw
29 Dec 05 |  Technology
Criminals target viruses for cash
28 Dec 05 |  Technology
Holes found in PC virus defences
19 Dec 05 |  Technology
Browser users urged to patch up
14 Dec 05 |  Technology
Microsoft warns of latest flaws
09 Nov 05 |  Technology


RELATED BBC LINKS:

RELATED INTERNET LINKS:
The BBC is not responsible for the content of external internet sites


PRODUCTS AND SERVICES

Americas Africa Europe Middle East South Asia Asia Pacific