By Gregg Keizer, TechWeb Technology News
A new unpatched vulnerability in Microsoft Windows and an in-the-wild exploit appeared Wednesday as security firms raised their alarms to Critical.
The bug is in Windows' rendering of Windows Metafile (WMF) images, a component that's been patched three times in the last two years, most recently in November by the bulletin MS05-053. The newest flaw, however, is different enough from November's that fully-patched Windows XP SP2 and Windows Server 2003 machines can be compromised.
"This exploit is doing something a bit different," said Shane Coursen, a senior technical analyst with Moscow-based Kaspersky Labs. "It looks like it affects the same DLL as MS05-053, but it's not overflowing the buffer." According to Microsoft's MS05-053 bulletin, the November vulnerability was in an unchecked buffer.
Microsoft would only acknowledge that it's looking into the problem, the usual response from the Redmond, Wash.-based developer to news of zero-day exploits of its software.
"Microsoft is investigating new public reports of a possible vulnerability in Windows and will continue to investigate the public reports to help provide additional guidance for customers," said a Microsoft spokesperson. "Upon completion of this investigation, Microsoft will take the appropriate action, which may include providing a fix through our monthly release process or issuing a security advisory, depending on customer needs."
Security and vulnerability tracking companies' reactions were more dramatic: they immediately raised alert levels, both because the flaw was an unpatched "zero-day" bug, and also because exploits were already out and about. Danish security company Secunia, for instance, tagged the new flaw as "Extremely critical," its highest warning; Symantec, meanwhile, gave it a rating of 9.4 on its 10-point scale for vulnerability alerts.
Multiple Web sites, said Ken Dunham, the director of Reston, Va.-based iDefense's rapid response team, are using a working exploit to compromise Windows machines. Attackers need only to cajole users into visiting sites planted with malicious WMF files, or get them to open such image files sent as e-mail attachments.
"WMF exploitation has taken off in the past twelve hours," said Dunham. "It's likely that WMF exploitation will be very successful in the near term."