Less than a day after Microsoft detailed the latest Windows vulnerability, hackers were hunting for exploit code.
Hackers are drooling at the thought of exploiting Microsoft's most recent vulnerabilities, security analysts said Thursday.
Less than 24 hours after Microsoft released details of the latest vulnerability in Windows, hackers were sharing details and eager to get their hands on exploit code, says Ken Dunham, the director of malicious-code research for security-intelligence firm iDefense.
"Hackers are already actively discussing the new JPEG vulnerability and how to exploit it," Dunham says in an E-mail to TechWeb.
Tuesday, Microsoft noted that a bug in Windows XP, Windows XP SP1, and Windows Server 2003, as well as many of the company's flagship applications, could allow attackers to grab control of PCs.
Exploit code exists, Dunham adds, to launch a successful denial-of-service attack on vulnerable applications, proving it's possible to create an exploit that executes code--in other words, make a worm.
"While this type of exploit code has not yet publicly emerged in the [attacker] underground, this does prove that it's more likely for hackers to develop such exploit code," Dunham says.
Another analyst, Vincent Weafer, the senior director of Symantec Corp.'s virus research team, agrees. "We fully expect that [hackers] will go into this," Weafer says. "There's enough knowledge about this [vulnerability] to easily make it exploitable."
The most likely attack avenue, both Dunham and Weafer say, is an HTML E-mail that includes or links to a hostile .jpg image, although links to malicious Web sites or even instant messages could be used as attack vectors.
Another issue that hackers will undoubtedly use to their benefit, Weafer says, is the reputation of .jpg-formatted images. "Generally, they're considered safe by most users," he says. "People send JPEG images all the time." Images, for instance, are rarely blocked by E-mail security at the gateway, unlike other file formats such as .exe or .com. That makes it "even more likely," Weafer says, that hackers will rush to roll out worms.
Difficulties patching the bug will add to the problem, Dunham and Weafer predict. It's "complicated and tough for administrators to audit," Dunham says. Because the JPEG processing flaw is widespread--not only in the operating systems but also in such popular applications as those in the Office XP and Office 2003 suites--administrators may be hard-pressed to patch before an exploit is circulating.
"If this vulnerability is exploited on a widespread basis, it may be some time before all of the vulnerable computers are identified and properly patched," Dunham says.
Worse, even patched systems can later be turned back into vulnerable computers, Weafer adds, if applications that include the flawed image-processing .dll are later installed on PCs that had been made safe.
"That could 'undo' the patch," Weafer says, "and makes the 'stickiness' of the [patches] more difficult than normal."
In addition, Dunham concludes, not even the massive Service Pack 2 update for Windows XP completely protects against the bug, since "other products may also need to be patched to fully protect against this vulnerability."