NFR Security unveils a protection against a zero-day Windows exploit that hackers have been targeting since last week. The exploit is in the way several versions of Microsoft's Windows OS handle corrupted .WMF (Windows Metafile) graphic files.
NFR Security's Rapid Response Team tested the exploit against the current package of NFR Security's Badfiles, version 23, which was released 30 November, the company says. Users of that package have a perimeter defense against attacks on the Windows vulnerability, according to NFR Security in Rockville, Maryland.
Because of the centralised architecture of the Badfiles package, protected customers do not need to update or change the configuration of their system to detect transmissions of a malicious file over multiple protocols without regard to filename extension, according to NFR Security. Customers using NFR's intrusion prevention system will be able to halt transmission of the file without it ever entering their networks, the company says.
The vulnerability, which researchers warned of on last week, was described as "zero day" because malicious hackers were taking advantage of it while there was no patch or certified workaround against it.
Microsoft put out a security alert about the flaw and said the company was investigating it. The alert can be found here.
Versions of Windows vulnerable because of the flaw include Windows 2000 Service Pack (SP) 4, Windows XP SP1 and SP2, Windows XP Pro, most versions of Windows Server 2003, Windows 98 and Windows ME.
Security researchers say malicious hackers could run the code of their choice on compromised Windows systems, and even machines that have all available patches installed are vulnerable to attacks. Machines could be attacked if users visited hostile web sites hosting exploits; opened a malicious .WMF file in Windows Picture and Fax Viewer; or previewed a malicious .WMF file in Windows Explorer.