Microsoft Promises To Patch Worsening Zero-Day Flaw - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
News
News
12/29/2005
01:02 PM
50%
50%

Microsoft Promises To Patch Worsening Zero-Day Flaw

In a security advisory posted on its Web site, Microsoft confirmed the vulnerability and the associated release of exploit code, but declined to give a timetable for its patch.

As bleaker details emerged Thursday about the threat posed by a zero-day vulnerability in Windows, Microsoft said it would produce a patch for the flaw but declined to put the fix on a timetable.

In a security advisory posted on its Web site, Microsoft confirmed the vulnerability and the associated release of exploit code that could compromise PCs, and listed the operating systems at risk. Windows 2000 SP4, Windows XP, Windows Server 2000, Windows 98, and Windows Millennium can be attacked using the newly-discovered vulnerability in WMF (Windows Metafile) image file parsing, said Microsoft.

"Upon completion of [our] investigation, Microsoft will take the appropriate action to help protect our customers," the advisory stated. "This will include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs."

Microsoft rarely goes out-of-cycle to patch a vulnerability -- it's done so only three times since it began a once-a-month patch release schedule in October, 2003; the last time was over a year ago -- and didn't patch early in December when another zero-day bug surfaced, even after experts called on the Redmond, Wash.-based developer to fix fast.

One security vendor told its customers Thursday not to hold their breath waiting for a fix for the flaw.

"Further investigation by the DeepSight Threat Analyst Team has uncovered the possibility that this issue may actually occur according to the WMF file specification, and may therefore be difficult to fix," wrote Symantec in an alert to clients of its early warning service. "If this is the case, a fix for the problem may take some time to develop."

And other details began emerging Thursday that indicated the threat may be worse than originally believed.

"It's really easy to get this thing," said Shane Coursen, a senior technical analyst with Moscow-based Kaspersky Labs. "The exploit will even work through a DOS box."

Rival security firm F-Secure, which is based in Helsinki, Finland, explained how that happens, and pinned blame on Google's Desktop search tool in the process.

"You can get burned even while working in a DOS box!" wrote Mikko Hypponen, F-Secure's chief research officer, in an entry to the company's research blog. "This happened on one of our test machines where we simply used the WGET command-line tool to download a malicious WMF file. That's it, it was enough to download the file. So how on earth did it have a chance to execute?"

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Previous
1 of 2
Next
Comment  | 
Print  | 
More Insights
2020 State of DevOps Report
2020 State of DevOps Report
Download this report today to learn more about the key tools and technologies being utilized, and how organizations deal with the cultural and process changes that DevOps brings. The report also examines the barriers organizations face, as well as the rewards from DevOps including faster application delivery, higher quality products, and quicker recovery from errors in production.
Slideshows
10 Top Cloud Computing Startups
Cynthia Harvey, Freelance Journalist, InformationWeek,  8/3/2020
Commentary
How Enterprises Can Adopt Video Game Cloud Strategy
Joao-Pierre S. Ruth, Senior Writer,  7/28/2020
Commentary
Conversational AI Comes of Age
Guest Commentary, Guest Commentary,  8/7/2020
Register for InformationWeek Newsletters
Video
Current Issue
Special Report: Why Performance Testing is Crucial Today
This special report will help enterprises determine what they should expect from performance testing solutions and how to put them to work most efficiently. Get it today!
White Papers
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll