Microsoft Fix for Windows Security Hole

Microsoft have earlier this month rushed out a security patch designed to prevent hackers exploiting a loophole in the way that Windows handles certain types of images.

The problem, called the Windows Meta File (WMF) bug, is potentially very serious: it means that a malicious user can hide code on a webpage or in an email containing files with the wmf extentsion.

Samples of code designed to exploit the hole have been posted on the internet, and can successfully attack even fully-patched Windows XP SP2 systems. Some examples are spyware which tries to trick people into handing over their credit card details, or which installs software to send thousands of spam e-mails.

The potential for exploiting this security hole is even greater. "This one is particularly nasty because is allows people to take control of your computer from over the internet," said Rob Helm, research director at US analysts Directions on Microsoft.

Attention was first drawn to the hole at the end of December last year. Patches are now available for all at-risk versions of Windows, and can be downloaded from http://www.microsoft.com/technet/security/Bulletin/MS06-001.mspx

For more than three years now, Microsoft has been working to improve the security and reliability of its software as more and more malicious software targets weaknesses in Windows and other Microsoft software. More than 90 percent of the world's personal computers run on the Windows operating system. Vulnerable versions of Windows include ME, 2000, XP and Server 2003.