Microsoft Confirms Windows Flaw

TIME.com: Microsoft Confirms Windows Flaw -- Page 1: "At a time when most people are enjoying a holiday break, computer security experts are on high alert. On Wednesday, Microsoft confirmed that it is investigating a new security vulnerability in the Windows graphics-rendering engine—the part of Windows that turns code into pictures.

Attackers can take control of a Windows PC by luring users to visit websites where their browser automatically downloads specially coded image files. The tainted files are saved in the Windows Metafile (WMF) format, but can be labeled as seemingly harmless JPEG and GIF files, the most common type of images found in webpages and e-mails. Researchers say attackers use the entry point to install hidden programs that can launch pop-up ads or steal passwords and other sensitive information.

Microsoft's Dec. 28 security advisory recommends trying several ways to keep your PC safe. Under the heading 'Suggested Actions,' the advisory gives step-by-step instructions for disabling the Windows Picture and Fax Viewer.

Microsoft is expected to introduce a patch soon, available to all users through Windows Automatic Update. However, the company will not confirm whether or not the patch will be available by January 10, the date of the next scheduled Windows update. 'We're investigating the issue aggressively,' Mike Reavey, operations manager for Microsoft's Security Response Center, told TIME. Reavey stressed the need to test the safety patch thoroughly before uploading it to users..."

Image Found: Here