Attackers exploit recent Microsoft fix

By

Hackers continue trying to exploit a patched vulnerability in Microsoft's Graphic Display Interface (GDI), researchers said this week.

Attackers exploit recent Microsoft fix
Craig Schmugar, threat researcher at McAfee, reported that the first exploit was discovered on Friday, three days after the issue was patched by bulletin MS08-021.

On Monday, hackers publicly posted a basic exploit toolkit, which signals that the criminal underground may soon develop a more sophisticated and widespread way to take advantage of the bug.

"One method the bad guys use is to take the patch and reverse engineer it," Schmugar told SCMagazineUS.com on Tuesday. "They look at the files on the computer prior to installing the patch and then after, and try to compare the two and see how they can take advantage of the change."

The exploit – which can permit remote code execution if a user opens a specially crafted EMF or WMF image file – does not affect customers who have installed the updates detailed in MS08-021, said Bill Sisk, security response communications manager for Microsoft.

"By default, Microsoft Windows XP, Windows Vista, Windows  Server 2003, and Windows Server 2008 customers will have this update applied automatically through Automatic Updates," Sisk said.

Microsoft encourages all customers to apply its most recent security updates to help ensure that their computers are protected from attempted criminal attacks.

Schmugar said that GDI has had vulnerability issues in the past. The fact that Microsoft credited three researchers with discovering the flaw suggests that multiple people were looking for potential problems and more problems could be on the way.

See original article on scmagazineus.com
Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:

Most Read Articles

CBA looks to GenAI to assist 1200 'security champions'

CBA looks to GenAI to assist 1200 'security champions'

Australia's super funds told to assess authentication controls

Australia's super funds told to assess authentication controls

NSW Police to embark on $126m IT overhaul

NSW Police to embark on $126m IT overhaul

Woolworths' CSO is Optus-bound

Woolworths' CSO is Optus-bound

Log In

  |  Forgot your password?