Less than a day after Microsoft detailed the latest Windows vulnerability, hackers were hunting for exploit codes.
Hackers are drooling at the thought of exploiting Microsoft's most recent vulnerabilities, security analysts said Thursday.
Less than 24 hours after Microsoft released details of the latest vulnerability in Windows, hackers were sharing details and eager to get their hands on exploit code, says Ken Dunham, the director of malicious-code research for security-intelligence firm iDefense.
"Hackers are already actively discussing the new JPEG vulnerability and how to exploit it," Dunham says in an E-mail to TechWeb.
Tuesday, Microsoft noted that a bug in Windows XP, Windows XP SP1, and Windows Server 2003, as well as many of the company's flagship applications, could allow attackers to grab control of PCs.
Exploit code exists, Dunham adds, to launch a successful denial-of-service attack on vulnerable applications, proving it's possible to create an exploit that executes code--in other words, make a worm.
"While this type of exploit code has not yet publicly emerged in the [attacker] underground, this does prove that it's more likely for hackers to develop such exploit code," Dunham says.
Another analyst, Vincent Weafer, the senior director of Symantec Corp.'s virus research team, agrees. "We fully expect that [hackers] will go into this," Weafer says. "There's enough knowledge about this [vulnerability] to easily make it exploitable."
The most likely attack avenue, both Dunham and Weafer say, is an HTML E-mail that includes or links to a hostile .jpg image, although links to malicious Web sites or even instant messages could be used as attack vectors.
Another issue that hackers will undoubtedly use to their benefit, Weafer says, is the reputation of .jpg-formatted images. "Generally, they're considered safe by most users," he says. "People send JPEG images all the time." Images, for instance, are rarely blocked by E-mail security at the gateway, unlike other file formats such as .exe or .com. That makes it "even more likely," Weafer says, that hackers will rush to roll out worms.
Difficulties patching the bug will add to the problem, Dunham and Weafer predict. It's "complicated and tough for administrators to audit," Dunham says. Because the JPEG processing flaw is widespread--not only in the operating systems but also in such popular applications as those in the Office XP and Office 2003 suites--administrators may be hard-pressed to patch before an exploit is circulating.
"If this vulnerability is exploited on a widespread basis, it may be some time before all of the vulnerable computers are identified and properly patched," Dunham says.
Worse, even patched systems can later be turned into vulnerable computers, Weafer adds, if applications with the flawed image processing .dll are later installed on made-safe PCs.
"That could 'undo' the patch," Weafer says, "and makes the 'stickiness' of the [patches] more difficult than normal."
In addition, Dunham concludes, not even the massive Service Pack 2 update for Windows XP completely protects against the bug, since "other products may also need to be patched to fully protect against this vulnerability."
[Interop ITX 2017] State Of DevOps ReportThe DevOps movement brings application development and infrastructure operations together to increase efficiency and deploy applications more quickly. But embracing DevOps means making significant cultural, organizational, and technological changes. This research report will examine how and why IT organizations are adopting DevOps methodologies, the effects on their staff and processes, and the tools they are utilizing for the best results.
IT Strategies to Conquer the CloudChances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.