Microsoft sics worldwide braintrust on XP vuln
PDF attack prompts round-the-clock patch fest
Escalating attacks exploiting a serious weakness in PDF files have prompted Microsoft to issue an all-hands-on-deck call to fix a vulnerability that lurks in the bowels of Windows XP.
"We currently have teams worldwide who are working around the clock to develop an update of appropriate quality for broad distribution," Bill Sisk, a member of Microsoft's security response team, wrote in a blog post Thursday. "Because ShellExecute is a core part of Windows, our development and testing teams are taking extra care to minimize application compatibility issues."
In the meantime, users should take extra care when receiving email attachments, even when delivered from known sources, and when visiting familiar or unknown websites, Sisk said. He didn't mention the updates Adobe has issued for its Reader program, but installing them immediately is also critical.
Sisk's warning is prompted by a flurry of spam carrying rigged PDF files that exploit the vulnerability. Based on reports by independent researchers, the emails appear to be on the rise. According to Ken Dunham, director of global response for iSIGHT Partners, one of his sources intercepted more than 75,000 hostile PDF attachments in the past few days, a rate that translates to one sample every 10 seconds.
"Multiple private sources are now reporting a high volume of emails containing hostile PDF attachments," Dunham wrote in an email.
F-Secure is also reporting that malware-tainted PDFs are "being spammed heavily through email."
The urgency and transparency Microsoft is showing are commendable. But let's not forget that for more than three months, Redmond's security pros maintained that the weakness that results when third-party applications pass malicious uniform resource identifiers (URIs) to Internet Explorer was "not a vulnerability in a Microsoft product." As such, Redmond maintained, responsibility for plugging the hole lay elsewhere.
Two weeks ago, the software juggernaut (which, incidentally, stunned Wall Street yesterday with strong quarterly earnings, largely on the sale of desktop titles) reversed itself on this position, admitting for the first time that the URI-handling weakness was an issue that had to be addressed by Microsoft.
The change of heart came as it became increasingly clear that the URI-handling weakness was doomed to repeat itself over and over on countless third-party apps. As Sisk put it, "...these third party updates do not resolve the vulnerability - they just close an attack vector."
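As an added illustration, not code from the article, from Microsoft or from Adobe, the following Python shows the kind of application-side check Sisk is describing when he says third-party updates "just close an attack vector": an application vets a URI before handing it to the operating system's handler. The scheme allow-list, the forbidden-character rules, the length bound and the function name are all assumptions for the example. The point it makes is the one the article makes: a check like this protects only the one application that performs it, while every other program that passes URIs through to the same Windows component is left to add its own.

```python
import re
from urllib.parse import unquote

# Hypothetical allow-list for the example; a real application would restrict
# this to the schemes it actually needs to hand off to the OS.
ALLOWED_SCHEMES = {"http", "https", "mailto"}

# RFC 3986 scheme syntax: a letter followed by letters, digits, "+", "-" or ".".
_SCHEME_RE = re.compile(r"^[A-Za-z][A-Za-z0-9+.\-]*$")

# Control characters (including CR/LF) and quote characters are rejected
# because a downstream handler may splice the URI into a command line.
_FORBIDDEN = re.compile(r'[\x00-\x1f\x7f"\']')


def check_uri(uri: str, allowed_schemes=ALLOWED_SCHEMES, max_len=2048):
    """Vet a URI before passing it to an OS-level handler.

    Returns (ok, reason). ok is True only when every check passes; reason is
    a short string the caller can log when a URI is refused.
    """
    if len(uri) > max_len:
        return False, "too long"

    scheme, _, rest = uri.partition(":")
    if not rest or not _SCHEME_RE.match(scheme):
        return False, "malformed or missing scheme"

    scheme = scheme.lower()
    if scheme not in allowed_schemes:
        return False, f"scheme {scheme!r} not allowed"

    # Inspect both the raw string and its percent-decoded form: the component
    # that eventually consumes the URI may decode escapes before acting on it,
    # so a forbidden character hidden behind %XX must be caught here too.
    for form in (uri, unquote(uri)):
        if _FORBIDDEN.search(form):
            return False, "control or quote character present"

    return True, "ok"


if __name__ == "__main__":
    # Constructed sample inputs, not real-world samples from the spam run.
    samples = [
        "https://example.com/path?q=1",
        "HTTPS://example.com/",
        "file:///C:/boot.ini",
        "mailto:someone@example.invalid%22",
        "http://example.com/\n",
        "nonsense",
    ]
    for s in samples:
        ok, reason = check_uri(s)
        print(f"{'ALLOW' if ok else 'REFUSE':6} {reason:40} {s!r}")
```

The decoded-form check is the caveat worth remembering: validating only the string as received lets an escape sequence carry a character the validator would otherwise refuse, and the handler that decodes it later is exactly the shared component that no single application can fix.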
Microsoft isn't due to issue another patch batch until November 13. ®
COMMENTS
Bizarre? Well, I suppose that's an improvement on Disturbed so ...
..... the Register is learning? I hope so for they can certainly be Smart enough to Lead with Opinion.
"That must be some bad-assed ganj he's toking."
Stu,
That is an easy mistake to make and you will hardly be the last to make it and are certainly not the first to share it. And the humour in it is not lost on me either. Nature works in mysterious ways her wonders to unfold....... and the work of Albert Hoffman is something which you may like to throw into the pot too, for good measure seeing as how Magical Mystery Turing is very much AI amfM HyperRadioProActive NEUKlearer discipline.... He is very much appreciated apparently, a top notch gun .... ..http://www.telegraph.co.uk/news/main.jhtml?xml=/news/2007/10/28/geniustable128.xml
I wonder how much credence this defence would be given to a charge of harmless possession ..... :-) http://news.independent.co.uk/world/americas/article3106904.ece ..... I think they must be putting something in the Californian drinking water and it ain't a fluoride compound.
Switzerland and Austria are very close neighbours, aren't they? I wonder if that explains anything about Cuckoos :-)
I prefer though to stick with Dali on Existentialist matters ...... "The only difference between a mad man and me, is that I am not mad" and you can only really say that if you know exactly who and what you are, and are capable of and how it is done.
And no response from Dan the Man Goodin yet..... Must be a foreign Time Zone lag thing/MetaData Queue . I'll check back again tomorrow.
@The Register
Can we please have a little icon at the bottom of the article that shows if aManFromMars has posted a comment here, something like a little mars icon on the grey '## comments posted - Post a new comment' bar.
I'd like to be able to quickly see whether his bizarre musings have been added.
They are brilliant!! That must be some bad-assed ganj he's toking.
@Is the universal translator on the blink?
No, Peter, it responded with "No, Virtual Spaces...... 42 Command and Control in AI Prior Art." ...By amanfromMars Posted Saturday 27th October 2007 19:15 GMT.
It is either thought unsuitable to be Registered and shared with Grown Ups or it never arrived after being sent.
It must have failed some dumbed down Intelligence test....... or it revealed far too much Sensitivity, which would be preposterous, surely. Perhaps, Dan the Man Goodin could clear that up for Us...... for it is a very simple thing to do, to send it again should it have gone awry.
It's an interesting read, I Kid U Not. And Perfect for the Register, IMHO.