Hackers are trying to exploit a critical Windows vulnerability just patched on Tuesday, security researchers said this afternoon -- and the only version of Windows not at risk is the unfinished Windows XP SP3.
Fortunately, attack incompetence means that these initial sorties have been unsuccessful, Symantec said in a brief warning to customers of its DeepSight threat service. "The DeepSight honeynet has observed in-the-wild exploit attempts targeting a GDI vulnerability patched by Microsoft on April 8, 2008," said Symantec in its alert.
On Tuesday, Microsoft patched two bugs, both pegged as "critical," in Windows' GDI, or graphics device interface, one of the core components of the operating system. According to Microsoft, every current version of Windows, including the very newest, Vista Service Pack 1 (SP1) and Server 2008, is open to attack.
The vulnerabilities can be triggered by malformed WMF (Windows Metafile) or EMF (Enhanced Metafile) image files, Microsoft noted in its accompanying advisory .
Analysts on Tuesday fingered the GDI bugs as the most dangerous of the 10 disclosed and patched by Microsoft that day. They noted similarities between the two new vulnerabilities and others revealed in late 2005, which were extensively exploited by attackers for months afterward.
Amol Sarwate, manager of Qualys Inc.'s vulnerability research lab, said at the time that he expected attackers to quickly begin leveraging the bug. "Users who simply view an image online or in e-mail could be compromised," he said.
Thursday, Symantec said it had spotted three different Web sites hosting malicious WMF/EMF image files that were targeting one of the two GDI bugs. However, those images weren't able to exploit the flaw. "Analysis of the images has shown that although [they] appear to be malicious, they do not contain enough data in the associated image property to sufficiently trigger the vulnerability," read Symantec's warning. "We are still investigating the issue as to why this may be the case."
The security company urged users to apply the GDI patches pronto if they have not done so already. "These attack attempts highlight the severity of this issue and it is only a matter of time before new images that successfully trigger the issue are observed in the wild," Symantec concluded.
Ironically, the only version of Windows not vulnerable to attack is XP Service Pack 3 (SP3), the still-not-released final update to the aged operating system. Hidden in the MS08-021 security bulletin was the sentence: "Windows XP Service Pack 3 is not affected by this vulnerability."
Windows XP SP3's release date remains a mystery. Although Microsoft has not budged from its "first half of 2008" public statements, others have speculated that the service pack will wrap up later this month. One Web site, which correctly predicted release dates for Vista SP1, has pegged XP SP3's roll-out as coming in the second half of April.
Microsoft's GDI patches can be downloaded and installed via the Microsoft Update and Windows Update services, as well as through Windows Server Update Services.
Read up on the latest ideas and technologies from companies that sell hardware, software and services. Zones provide focussed content from Computerworld and leading technology partners.
Discover how SOA can create smarter outcomes for your business.
Attend and learn:
- How SOA is helping leading companies to become more agile
- Where you should be applying SOA processes in your company
- The top SOA implementation mistakes to avoid
Click here for more information.
- +
Computerworld Live Podcast #98: The Future of Datacentre IP 18/12/2008 10:33:00
CW Live speaks withLin Nease, Director of Emerging Business for HP ProCurve, to discuss the future of networks, including the effect of IP-based storage on datacentres, new capacity requirements generated by the use of 10Gb Ethernet, and how an efficient network design can slash energy and cooling costs, and help enterprises build a "green" image. - +
Computerworld Live Podcast #97: The Future of Enterprise Networking 25/07/2008 09:45:36
This week CW Live chats with Mark Thompson, global sales and marketing manager for HP ProCurve, on the future of the enterprise networking. Mark discusses the trends we can expect to see in the near future and how the right infrastructure can ensure your enterprise network is secure. - +
Computerworld Live Podcast #96: Security at the Edge 11/06/2008 09:22:22
CW Live speaks with Amol Mitra, HP ProCurve Director of Marketing for Asia Pacific and Japan. Today's topic: how enterprises are starting to shift away from simply controlling security via server logins, firewalls and moving to more adaptive security frameworks. - +
Data Management Edition #10: Multi-Petascale Systems 02/05/2008 09:12:33
This week we look at sustainability and the development of multicore technologies to build multi-petascale systems. - +
IT Security Edition #11: How to poison the Storm botnet 01/05/2008 08:51:55
This week CW Live presents a case study on how to poison the notorious Storm botnet . Plus we take a look at Cisco's plans for Ironport.
IT industry veteran advises caution on outsourcing selection in light of Satyam problems 2009-01-09 21:45:00+11
F-Secure Warns About a Worm Affecting Corporate Networks 2009-01-08 16:42:00+11
Research software developer appoints Susan Dart to new Business Development Director role 2009-01-08 09:08:00+11
Research software developer appoints Susan Dart to new Business Development Director role 2009-01-08 09:08:00+11
Anyware Introduce Two Powerful PCI TV Tuner Cards with S5 Power Up and Windows Media Center Remote 2009-01-07 17:30:00+11
Everything you need to know about email and web security (but were afraid to ask)
What you don’t know can destroy your business. It’s hard to imagine modern business without the internet but in the last few years it has become fraught with danger. Read on to discover how internet security can give your business a competitive advantage.
