Microsoft Promises To Patch Worsening Zero-Day Flaw - InformationWeek

In a security advisory posted on its Web site, Microsoft confirmed the vulnerability and the associated release of exploit code, but declined to give a timetable for its patch.

Hypponen explained that the test machine had Google Desktop installed. Like other desktop search applications, Google's tool automatically indexes the metadata of images -- including WMF files -- in real time. To do that, it issues an API call to the vulnerable DLL (shimgvw.dll) to extract the metadata. "This is enough to invoke the exploit and infect the machine," added Hypponen. The SANS Institute's Internet Storm Center also tossed in its two cents of bad news.

Although some security firms on Wednesday advised enterprises to block WMF files at the network edge, that may not be a decent defense for long.

"Windows XP will detect and process a WMF file based on its content, and not rely on the extension alone," wrote analyst Chris Carboni on the center's blog. "[That] means a WMF sailing in disguise with a different extension might still be able to get you."

Hackers could simply rename a malicious WMF file with, say, a .gif or .jpg file extension, attach it to an e-mail message, and assuming a user opens the file, infect a system.
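The following is an added example, not code from the article or from any vendor it quotes: a content-based check that a mail or web filter could apply instead of an extension match, so that a WMF renamed to .gif or .jpg is still flagged. The header constants follow the published WMF file format; the function names and sample bytes are constructed for illustration.

```python
import struct
from pathlib import PurePosixPath

# Aldus "placeable" prefix: key 0x9AC6CDD7 stored little-endian, 22 bytes total.
PLACEABLE_KEY = b"\xd7\xcd\xc6\x9a"
PLACEABLE_LEN = 22
WMF_HEADER_LEN = 18  # standard header is nine 16-bit words


def looks_like_wmf(data: bytes) -> bool:
    """Return True if the leading bytes parse as a WMF header."""
    if data[:4] == PLACEABLE_KEY:
        data = data[PLACEABLE_LEN:]          # standard header follows the prefix
    if len(data) < WMF_HEADER_LEN:
        return False
    ftype, header_words, version = struct.unpack_from("<HHH", data)
    return (ftype in (1, 2)                  # 1 = memory, 2 = disk metafile
            and header_words == 9            # header size, counted in words
            and version in (0x0100, 0x0300))


def classify(filename: str, data: bytes) -> str:
    """Label an attachment by content first, extension second."""
    if not looks_like_wmf(data):
        return "other"
    ext = PurePosixPath(filename).suffix.lower()
    return "wmf" if ext == ".wmf" else "disguised-wmf"


# Constructed samples: header bytes only, no drawing records.
SAMPLE_WMF = struct.pack("<HHHIHIH", 1, 9, 0x0300, 12, 0, 3, 0)
SAMPLE_PLACEABLE = PLACEABLE_KEY + bytes(PLACEABLE_LEN - 4) + SAMPLE_WMF
SAMPLE_GIF = b"GIF89a" + bytes(20)

if __name__ == "__main__":
    for name, blob in [("card.wmf", SAMPLE_WMF), ("greeting.jpg", SAMPLE_WMF),
                       ("joke.gif", SAMPLE_PLACEABLE), ("photo.gif", SAMPLE_GIF)]:
        print(f"{name:14} {classify(name, blob)}")
```

A filter built this way should treat both the "wmf" and "disguised-wmf" labels as blockable; the second label is simply the case an extension rule would have missed.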

At the moment, say the experts, exploits are "only" installing spyware and/or fake anti-spyware software. That's bad enough, said two security firms, including one that specializes in combating spyware.

"Now we're seeing many more using this to install bad stuff," said Alex Eckelberry, president of anti-spyware developer Sunbelt Software. "This is a really bad exploit. Be careful out there."

Websense, a San Diego-based content filtering firm, has posted a video that shows the infection process, and said that it was tracking "thousands" of sites distributing the exploit code from just one host site. Spyware now, said another security professional, but even more malicious software next.

"The technique that is being used can and will be combined with traditional malware like Mytob or Bagle," Stefana Ribaudo, the director of Computer Associates eTrust Security, told TechWeb in an e-mail. "We're concerned that in the absence of a patch or even readily followed steps to secure systems, that we could see additional delivery methods such as e-mailing the WMF file (especially with jokes and holiday greetings) and instant messaging.

"Once workers are back in the office after the holiday, we could see an increase [in the exploit]," warned Ribaudo.

(Editor's note: This related story examines how to protect PCs against the new zero-day bug.)
