
Other exploits on the way?
By Joris Evers
Published: 17 January 2007 08:15 GMT
Computer code that exploits a security vulnerability in Windows has been published on the internet, making it more urgent for users of the operating system to patch.
The attack code exploits a flaw in the way Windows handles Vector Markup Language, or VML, documents, which are used for a type of high-quality graphic on the web. The bug lies in a Windows component called 'vgx.dll', which supports these files.
Microsoft provided a fix for the flaw last week with security bulletin MS07-004. At the time, the company warned it had already seen limited cyber attacks exploiting the vulnerability, although attack code hadn't been available publicly. Yesterday, however, exploit code was published to a widely read online security forum.
A company representative said in a statement: "Microsoft is aware that detailed exploit code was published on the internet that may take advantage of the vulnerability addressed by Microsoft security bulletin MS07-004. Microsoft encourages all customers to apply the most recent security updates."
Prior to the public posting of the exploit, other code that takes advantage of the flaw had been made available to users of a security testing tool made by Immunity. However, these attack blueprints are private, supplied to people who pay for the tool.
Functionality of the public exploit code appears to be limited, Symantec said in an alert to users of its DeepSight security intelligence service. It was unable to get the exploit to work on English language versions of Windows XP and Windows 2000, the company said. Still, the exploit could provide a starting point for other hackers, the security company said.
According to the Symantec alert: "The author has posted the exact location of the flaw, shown in a screen shot from a binary analyser, increasing the likelihood of other exploits being developed."
The VML flaw is similar to a bug for which Microsoft rushed out a fix in September after Windows users came under attack. The vulnerability can be exploited by tricking a user into viewing a malicious VML file on a website with Internet Explorer.
All recent versions of Windows are vulnerable when running any recent version of IE, including IE 7, according to Microsoft. The exception is Windows Vista, which is not impacted, the software maker said. Microsoft's patches are distributed via Automatic Updates and on the company's Microsoft Update downloads website.
Joris Evers writes for CNET News.com