More holes in Windows revealed: Three new “critical” security holes in Windows, even on machines patched with SP2. Keep patchin’, folks.
Symantec has also warned about a second vulnerability in a Windows component called “LoadImage” that is used to load desktop icons, cursors, or bitmap images. A flaw in the way LoadImage processes image files could allow malicious hackers to use specially crafted images to trigger an overflow and place their own code on vulnerable machines. Images that trigger the flaw could be sent in e-mail messages or downloaded from Web pages controlled by the hackers, Symantec said.