The company said that it's not aware of attacks leveraging this vulnerability. Affected systems include Vista, Server 2003, and Windows XP, but not Windows 7 or Windows Server 2008 R2.Source: InformationWeek
SANS Internet Storm center handler and security researcher Johannes Ullrich observes that the vulnerability could be exploited through malicious thumbnail images attached to Office documents and sent via e-mail or over a network. He says there's no patch available but there are steps that can be taken to mitigate the risk by preventing the rendering of thumbnail images.
Microsoft warns for security flaw in Windows Graphics Rendering Engine
Posted on Wednesday, January 05 2011 @ 16:47 CET by Thomas De Maesschalck