Skip to main content

Microsoft Releases WMF Patch Early

Even a titan can move quickly when it has to: Microsoft has released a security patch purporting to fix a critical security flaw in rendering WMF images. The problem goes all the way back to Windows 98, and, unlike many previous security vulnerabilities, could potentially be exploited if a user simply viewed a malicious image on a Web site or in an email message.

The security flaw was discovered last week, and involves rendering of Windows Metafile (WMF) graphical images: if an image were maliciously constructed to contain particular escape codes, simply displaying the image on a vulnerable Windows system could let an attacker run arbitrary code, potentially taking over the machine, compromising the user’s privacy, and obtaining sensitive information. Microsoft says attempts to exploit the flaw have appeared on the Internet, but appear so far to have been limited in scope.

Once the flaw was revealed, its extent and potential severity led analysts and computer users to strongly demand Microsoft patch the problem outside its normal security update schedule. Microsoft originally announced it would release the update on January 10, 2006, as part of its regular monthly release of security bulletins and offered some technical tips to reduce user exposure to the problem.

Several third-party developers released unofficial patches which claimed to reduce or eliminate the vulnerability. For its part, Microsoft has little choice but to warn users not to install a third-party patch for a flaw in the Windows operating system: although most such developers no doubt have the Windows community’s best intentions at heart (and many are reputable), Microsoft cannot test and vouch for the efficacy of third-party patches, and there’s always the possibility a malicious attacker would release software with its own nefarious payload.

Windows users can use Automatic Updates will receive the update automatically; the update can also be downloaded manually from Microsoft’s Download Center, or by using Microsoft Update or Windows Update.

Editors' Recommendations

Geoff Duncan
Former Digital Trends Contributor
Geoff Duncan writes, programs, edits, plays music, and delights in making software misbehave. He's probably the only member…
Microsoft might end one of the most annoying GPU wars
Three RTX 4080 cards sitting on a pink background.

The never-ending battle between AMD, Nvidia, and Intel doesn't just involve their graphics cards -- it also stretches to their respective upscaling solutions. It's not all about performance, either, but also the number of games that support them. Microsoft aims to streamline and unify these upscalers, making it easier for game devs to add support for every GPU vendor.

The main issue with having three different upscaling solutions lies not just in how well they all perform in relation to each other (although that's pretty interesting, too), but in how many games can support them. After all, what's the point in DLSS, FSR, and XeSS, if they're not available in too many games? This is where Microsoft's new API, dubbed DirectSR, might come in handy.

Read more
How to take a screenshot using a Microsoft Surface
A 2017 Microsoft Surface Pro on a table.

Whether you want to capture friends and relatives making funny faces on Skype or need accessible photos of online resources or programs, screenshots benefit users in many ways. Since the Surface Pros are a bit different than other 2-in-1 laptops, however, you may find yourself wondering how to take a screenshot on one. Here, we take the mystery out of the

Read more
Microsoft may fix the most frustrating thing about Windows updates
Windows 11 updates are moving to once a year.

Most Windows users will agree that one of the most annoying things about the operating system is the updates. While Windows Updates are necessary, they often tend to come up at the worst possible time, interrupting work and gaming sessions with persistent reminders that the system needs to reboot. Microsoft might be fixing that problem in the upcoming Windows 11 24H2 build, but it's still too early to bid farewell to those ill-timed reboots.

As spotted in the latest Windows 11 Insider Preview Build 26058, Microsoft is testing "hot patching" for some Windows 11 updates. Hot patching refers to a dynamic method of updating that often doesn't change the software version and may not even need a restart. In the context of Windows 11, it's pretty straightforward -- Windows will install the update, and you won't have to reboot your system.

Read more