
December 28, 2005 (2:51 PM EST)

Attackers Exploit New Zero-Day Windows Bug

Page 1 of 2

By Gregg Keizer, TechWeb Technology News

A new unpatched vulnerability in Microsoft Windows and an in-the-wild exploit appeared Wednesday as security firms raised their alarms to Critical.

The bug is in Windows' rendering of Windows Metafile (WMF) images, a component that's been patched three times in the last two years, most recently in November by the bulletin MS05-053. The newest flaw, however, is different enough from November's that fully-patched Windows XP SP2 and Windows Server 2003 machines can be compromised.

"This exploit is doing something a bit different," said Shane Coursen, a senior technical analyst with Moscow-based Kaspersky Labs. "It looks like it affects the same DLL as MS05-053, but it's not overflowing the buffer." According to Microsoft's MS05-053 bulletin, the November vulnerability was in an unchecked buffer.

Microsoft would only acknowledge that it's looking into the problem, the usual response from the Redmond, Wash.-based developer to news of zero-day exploits of its software.

"Microsoft is investigating new public reports of a possible vulnerability in Windows and will continue to investigate the public reports to help provide additional guidance for customers," said a Microsoft spokesperson. "Upon completion of this investigation, Microsoft will take the appropriate action, which may include providing a fix through our monthly release process or issuing a security advisory, depending on customer needs."

Security and vulnerability tracking companies' reactions were more dramatic: they immediately raised alert levels, both because the flaw was an unpatched "zero-day" bug, and also because exploits were already out and about. Danish security company Secunia, for instance, tagged the new flaw as "Extremely critical," its highest warning; Symantec, meanwhile, gave it a rating of 9.4 on its 10-point scale for vulnerability alerts.

Multiple Web sites, said Ken Dunham, the director of Reston, Va.-based iDefense's rapid response team, are using a working exploit to compromise Windows machines. Attackers need only to cajole users into visiting sites planted with malicious WMF files, or get them to open such image files sent as e-mail attachments.

"WMF exploitation has taken off in the past twelve hours," said Dunham. "It's likely that WMF exploitation will be very successful in the near term."
