Feeds

Microsoft confirms code execution bug in Windows

0days R Us

  • alert
  • submit to reddit

Internet Security Threat Report 2014

Microsoft has confirmed reports that several versions of Windows are vulnerable to exploits that allow remote attackers to take full control of users' computers using booby-trapped emails and websites.

In an advisory issued Tuesday, Microsoft said it was investigating “new public reports” of vulnerability in the XP, Server 2003, Vista, and Server 2008 versions of Windows. In fact, the first known report of the bug in the way those operating systems process thumbnail images came on December 15 at a security conference in South Korea. On Tuesday, exploit code was added to the Metasploit software framework for hackers.

“This is a remote code execution vulnerability,” the Microsoft advisory stated. “An attacker who successfully exploited this vulnerability could take complete control of an affected system.”

The flaw resides in the Windows Graphics Rendering Engine and can be exploited when victims view a specially manipulated thumbnails on network-shared folders or drives or in online WebDAV-shared folders. It can also be targeted when email users open or preview Microsoft Word or PowerPoint files that contain the doctored images.

There are no known reports of attacks in the wild that exploit the vulnerability, and Windows 7 and Server 2008 R2 aren't susceptible.

“The vulnerability is exploited by setting the number of color indexes in the color table to a negative number,” Johannes Ullrich, chief research officer at the Sans Institute, blogged. Slides from the December 15 conference provide hints that the exploits can bypass security measures such as data execution prevention and safe exception handling, he added.

In a blog post, Microsoft Senior Marketing Communications Manager for Trustworthy Computing, Angela Gunn, said Microsoft was working on a patch, but that for the time being “the circumstances around the issue do not currently meet the criteria for an out-of-band release.” Microsoft's next patch release is scheduled for January 11, but it's highly unlikely a bug fix will be ready by then.

Workarounds include configuring Windows Access Control List to be more restrictive, which will interfere with the way the Graphics Rendering Engine displays media files.

The bug is at least the third unpatched vulnerability in a piece of Microsoft software. Two weeks ago, the company warned of a vulnerability in Internet Explorer that creates a means for hackers to inject malware onto vulnerable systems. On New Year's Day, security researcher Michal Zalewski disclosed a separate bug in the Microsoft browser that he believes also allows attackers to hijack user PCs. ®

Remote control for virtualized desktops

More from The Register

next story
UK smart meters arrive in 2020. Hackers have ALREADY found a flaw
Energy summit bods warned of free energy bonanza
DRUPAL-OPCALYPSE! Devs say best assume your CMS is owned
SQLi hole was hit hard, fast, and before most admins knew it needed patching
Feds seek potential 'second Snowden' gov doc leaker – report
Hang on, Ed wasn't here when we compiled THIS document
Mozilla releases geolocating WiFi sniffer for Android
As if the civilians who never change access point passwords will ever opt out of this one
Why weasel words might not work for Whisper
CEO suspends editor but privacy questions remain
DEATH by PowerPoint: Microsoft warns of 0-day attack hidden in slides
Might put out patch in update, might chuck it out sooner
prev story

Whitepapers

Choosing cloud Backup services
Demystify how you can address your data protection needs in your small- to medium-sized business and select the best online backup service to meet your needs.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
Protecting against web application threats using SSL
SSL encryption can protect server‐to‐server communications, client devices, cloud resources, and other endpoints in order to help prevent the risk of data loss and losing customer trust.