Second sample of Windows attack code posted
LATEST NEWS
- Second MYOB founder boosts Xero holding
- Vodafone NZ loses customers || 7
- Video will drive UFB uptake, but NZ lacks content choices: ComCom || 4
- TelstraClear's half-year revenue drops by 4 percent, but telco posts $1m profit
- Peter Finch leaves CIO post at Gen-i || 1
- 2degrees announces 875,656 customers || 1
SUBSCRIBE
Computerworld is New Zealand's only specialised information systems fortnightly. Subscribe now for $100 (23 issues) and save more than 37% off the cover price!
SIGN UP
Hackers have released software that takes advantage Windows image rendering bug and can cause an unpatched Windows PC to crash
By Robert McMillan | San Francisco | Friday, 2 December, 2005
For the second time this week, hackers have posted a sample of code that could be used to attack a Windows machine that has not been updated with the most recent Microsoft. security patches.
On Tuesday the French Security Incident Response Team (FrSIRT) website posted a sample of a maliciously encoded image file that could be used by attackers to grind a Windows PC to a halt.
This latest example exploits a critical vulnerability in the way that Windows processes files saved in the Windows Metafile graphics format. Metafile is a graphics format used by CAD (computer-aided design) software. Files that use this format have either a .wfm or .emf extension.
“The crafted metafile from this code when viewed in Internet Explorer raises the CPU utilisation to 100%,” the FrSIRT advisory states.
The advisory did not say which versions of Windows are at risk from this software, but it noted that the code had been tested on Windows 2000 Server, Service Pack 4. The Windows Metafile problems affect virtually all supported versions of Windows, according to Microsoft's website.
Microsoft believes that this code could be used to effectively rendering a machine unusable, something called a denial of service (DoS) attack, but it can not be used to take over an unpatched computer, the software vendor's public relations agency said in a statement.
Microsoft fixed this Metafile bug in its MS05-053 Security Update, released Nov 8, so customers who have not yet applied this patch are the only ones at risk from this new attack.
Earlier this week, hackers released code that took advantage of a second Windows security hole, which was patched in October. That software exploited a flaw in the Microsoft Distributed Transaction Coordinator (MSDTC), a component of the operating system that is commonly used by database software to help manage transactions.
The MSDTC attack software could be used to knock Windows systems out of operation, according to Microsoft's statement. Code that took advantage of this flaw has been in circulation since mid-October, but had not been posted on a public website before this week.
Microsoft is not aware of any active attacks that use either of these malicious code samples, the statement says.
MOST POPULAR
Social Media @Computerworld NZ
Computerworld NZ has now reached LinkedIn! Join to expand your networks and meet others interested in information systems.
