And patched eventually

Nov 9, 2005 17:28 GMT

eEye Digital Security announced yesterday that two new vulnerabilities have been discovered in the Microsoft Windows operating system.

The affected editions of Microsoft Windows are Windows 2000 SP4, XP SP1 and XP SP2, XP Professional x64, Windows Server 2003, Windows Server 2003 SP1 and Windows Server 2003; the vulnerabilities are regarded as critical.

Microsoft has been known to react very slowly when patching security flaws; it recently took almost 200 days to patch a highly critical vulnerability.

The flaws eEye Digital Security discovered relate to the handling of images in two formats - Windows Metafile and Enhanced Metafile - by the graphics rendering engine in Windows. Any software that renders images in these formats could be exploited by an attacker.

Marc Maiffret, Chief Hacking Officer of eEye Digital Security, the man who discovered the two flaws, said the company had informed Microsoft about six other flaws, five of which are considered high risk because they could be exploited remotely.