Don't miss our upcoming Network Computing virtual event on Connectivity Solutions - Secure Your Complementary Seat Now!
A new unpatched vulnerability in Microsoft Windows and an in-the-wild exploit appeared Wednesday as security firms raised their alarms to Critical.
The bug is in Windows' rendering of Windows Metafile (WMF) images, a component that's been patched three times in the last two years, most recently in November by the bulletin MS05-053. The newest flaw, however, is different enough from November's that fully-patched Windows XP SP2 and Windows Server 2003 machines can be compromised.
"This exploit is doing something a bit different," said Shane Coursen, a senior technical analyst with Moscow-based Kaspersky Labs. "It looks like it affects the same DLL as MS05-053, but it's not overflowing the buffer." According to Microsoft's MS05-053 bulletin, the November vulnerability was in an unchecked buffer.
Microsoft would only acknowledge that it's looking into the problem, the usual response from the Redmond, Wash.-based developer to news of zero-day exploits of its software.
"Microsoft is investigating new public reports of a possible vulnerability in Windows and will continue to investigate the public reports to help provide additional guidance for customers," said a Microsoft spokesperson. "Upon completion of this investigation, Microsoft will take the appropriate action, which may include providing a fix through our monthly release process or issuing a security advisory, depending on customer needs."
With the move to the cloud, CISOs must shift priorities from operating security programs to overseeing (monitoring and auditing) outsourced cybersecurity programs.
2022 was a boon year for IT salaries. 2023 came in like a beast with layoffs, raise freezes, and ChatGPT, but that beast has few teeth.
Age is only a number. Don't let a high number cancel your career.
