Microsoft patches 'evil' Windows kernel bug

Microsoft Corp. Tuesday patched seven vulnerabilities in Windows, including one marked "critical" that could be triggered by attackers simply by getting users to view a malicious image or visit a malicious site.

Of the three security updates, the most serious, and the one to patch first, is MS09-006, researchers said today. That update, which covers three separate vulnerabilities, includes the month's only critical bug.

"It's in all versions of Windows, it's deep in the kernel and in GDI," said Wolfgang Kandek, chief technology officer at security company Qualys Inc. "And you could get exploited in many ways. I could send you an e-mail or I could get you to go to a malicious Web site."

"MS09-006, that's just pretty evil," said Eric Schultze, chief technology officer at Shavlik Technologies LLC. "View something evil and you're hacked."

According to Microsoft, the critical vulnerability is due to "improper validation of input passed from user mode through the kernel component of GDI." The Graphics Device Interface (GDI) is the core graphics rendering component of Windows. Because the flaw is in the kernel, a successful exploit would leave the attacker with complete control of the machine.

"With the history of GDI, people will really be looking at this," predicted Andrew Storms, director of security operations at nCircle Network Security Inc. Microsoft fixed GDI three times last year, most recently in December 2008, and the Windows kernel twice. "It's like rewind, repeat," Storms said.

Attackers would use malformed WMF (Windows Metafile) or EMF (Enhanced Metafile) images to exploit the bug, Microsoft said, feeding them to users via e-mail or hosting them on Web sites. Opening or viewing the images would trigger the vulnerability.

"I liked how Microsoft acknowledged that attackers could exploit this by getting users to view an e-mail or visit a Web site or open a document with an evil image," said Schultze.

But because Microsoft rated the vulnerability as "3" in its Exploitability Index, indicating that it doesn't believe functional attack code is likely in the next 30 days, Storms said he was confused. "Now I'm unsure. It's obviously the riskiest vulnerability, but with the exploitability index at 3, should I really worry about it or not?"
