Microsoft Releases WMF Patch Early

Even a titan can move quickly when it has to: Microsoft has released a security patch purporting to fix a critical security flaw in rendering WMF images. The problem goes all the way back to Windows 98, and, unlike many previous security vulnerabilities, could potentially be exploited if a user simply viewed a malicious image on a Web site or in an email message.

The security flaw was discovered last week, and involves rendering of Windows Metafile (WMF) graphical images: if an image were maliciously constructed to contain particular escape codes, simply displaying the image on a vulnerable Windows system could let an attacker run arbitrary code, potentially taking over the machine, compromising the user’s privacy, and obtaining sensitive information. Microsoft says attempts to exploit the flaw have appeared on the Internet, but appear so far to have been limited in scope.

Once the flaw was revealed, its extent and potential severity led analysts and computer users to strongly demand Microsoft patch the problem outside its normal security update schedule. Microsoft originally announced it would release the update on January 10, 2006, as part of its regular monthly release of security bulletins and offered some technical tips to reduce user exposure to the problem.

Several third-party developers released unofficial patches which claimed to reduce or eliminate the vulnerability. For its part, Microsoft has little choice but to warn users not to install a third-party patch for a flaw in the Windows operating system: although most such developers no doubt have the Windows community’s best intentions at heart (and many are reputable), Microsoft cannot test and vouch for the efficacy of third-party patches, and there’s always the possibility a malicious attacker would release software with its own nefarious payload.

Windows users can use Automatic Updates will receive the update automatically; the update can also be downloaded manually from Microsoft’s Download Center, or by using Microsoft Update or Windows Update.


Is your PC safe? Foreshadow is the security flaw Intel should have predicted

Three new processor vulnerabilities have appeared under the 'Foreshadow' banner. They're similar in nature to Meltdown and Spectre, only they steal data from different memory spaces. Here's everything you need to know.
Emerging Tech

Police body cams are scarily easy to hack into and manipulate, researcher finds

Nuix cybersecurity expert Josh Mitchell has demonstrated how it is possible to hack into and potentially manipulate footage from police body cams. The really scary part? It's shockingly easy.
Smart Home

White-hat Chinese hackers turn Alexa into a spy, briefly

A team of Chinese researchers revealed this week that they were able to use a cracked Amazon Echo to exploit a series of Alexa interface flaws to take control over an unteuched Echo running on the same network.

Bloatware could be putting millions of Android devices at risk

A study has revealed that changes to Android's firmware and added bloatware from carriers could be making millions of Android smartphones vulnerable to massive hacks and potential data theft.

PDF to JPG conversion is quick and easy using these simple methods

Converting file formats can be an absolute pain, but it doesn't have to be. We've put together a comprehensive guide on how to convert a PDF to JPG, no matter which operating system you're running.
Product Review

Recent production woes make the Eve V a worse buy than it once was

Our Eve V review looks at a crowdsourced detachable tablet that checks some boxes for its backers. Its delay in making it to the market holds it back in some areas, and Eve Technology is an unknown quantity.

With Q#, Microsoft is throwing programmers the keys to quantum

Quantum computers aren’t yet practical, but Microsoft has already developed a programming language for them. Q# works inside Visual Studio, just like most other languages, and could offer a gateway into the weird world of quantum physics.

Here's how to convert an MP4 to an MP3 file with online and offline tools

Sometimes you just want the audio without the video. In this guide, we'll show you how to convert an MP4 to an MP3 using web-based software and dedicated programs for both Windows and MacOS.

Crypto-intrigued? Here's how to buy Bitcoin for the first time

Is it time to purchase your first Bitcoin investment? If you're ready to get involved in the cryptocurrency, we'll walk you through how to pick an exchange, how to choose the right wallet, and how to buy Bitcoin the safe way!
Product Review

Dell's classic 4K P2715Q monitor still holds up today

The Dell P2715Q might not be the most modern of 4K displays, but its IPS panel, extensive connectivity, and easily adjusted stand make it more than competitive with the newest crop of screens.

Style up your MacBook Air with one of these great cases or sleeves

Whether you’re looking for added protection or a stylish flourish, you’re in the right place for the best MacBook Air cases. We have form-hugging cases, luxurious covers and padded sleeves priced from $7 to $130. Happy shopping!

Art-inspired face blurring can obscure identity without losing humanity

Researchers have developed an AI-generated anonymity system that “paints” over video frames, using inspiration from masters like Picasso and Van Gogh to reimagine a person’s appearance. The goal is to minimize outer resemblance but…

Nvidia ‘more than happy to help’ if Tesla’s self-driving chip doesn’t pan out

After Tesla CEO Elon Musk announced the intention to use an in-house Autopilot chip, Nvidia CEO Jensen Huang responded to an analyst's question, saying that if the Tesla chip doesn't work out, he'd be more than happy to help.
Emerging Tech

Awesome Tech You Can’t Buy Yet: inflatable backpacks and robotic submarines

Check out our roundup of the best new crowdfunding projects and product announcements that hit the Web this week. You can't buy this stuff yet, but it sure is fun to gawk!