Skip navigation

Vulnerabilities in Microsoft Graphics Rendering Engine

There's just one patch from Microsoft this month, but it's important for workstations and terminal servers. For my full commentary on the patch, you can visit

MS05-053--Vulnerabilities in Graphics Rendering Engine Could Allow Code Execution (896424)

This critical bulletin addresses remote code, root privilege, and Denial of Service (DoS) risks related to a certain image file format. You can probably avoid loading the patch on most servers, but given the impact and wide use of image files, I recommend updating your workstations as soon as possible. For testing, I recommend loading it on a typical workstation for your environment and then putting the computer through its paces, exercising each application, especially any related to graphics or authoring.

The patch actually fixes three vulnerabilities that all reside in the same files. At least one of the three security holes exposes Windows XP Service Pack 2 (SP2) and Windows Server 2003 SP1 to critical risk, but the general trend holds true that vulnerabilities being discovered have less impact on these two latest versions of Windows. Getting your systems upgraded to these two baselines will definitely pay off.

TAGS: Security
Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.