Security researchers are once again sounding the alarm bell, reminding Windows managers to quickly fix the latest...
flaws made public on Patch Tuesday.
Microsoft sent out seven security bulletins this month, two ranked critical, the most severe rating. According to one expert, exploits should be just around the corner.
"I think we will see an exploit materialize either in a test harness or as an actual public exploit within a few days," said Alain Sergile, a technical products manager with Internet Security Systems Inc.'s X-Force team in Atlanta.
Sergile disagreed. "Our researchers looked at some proof-of-concept code and we think it's very easy to exploit," he said.
Sergile said the flaw was especially worrisome because Media Player, which is Microsoft's streaming audio and video tool, is one of the most widely used programs and is loaded by default on most Windows OS versions, such as XP.
Mikko Hypponen, an antivirus research director with the Finnish security firm F-Secure Corp., was not as concerned about the WMP problem. Instead, he turned his attention to this month's other critical flaw MS06-004.
"MS06-004 is nasty," Hypponen said. "This one allows code execution when a corrupted WMF file is viewed with unpatched IE."
Both vulnerabilities are in areas Microsoft has become familiar with recently. Graphics-rendering bugs bit the software maker hard last month when attacker began exploiting another flaw in WMF. Microsoft was forced to push out a patch early due to the severity of the vulnerability, which allowed hackers to take control of a system through a specially crafted WMF image posted on a Web site or sent through e-mail.
Sergile said it is still too early to tell if there will be fallout from January's bug, but noted that most of the machines still vulnerable are not in the enterprise where managers patch fairly quickly. Hypponen said exploits are still circulating and sees a similar path for the new WMF glitch.
"The previous WMF vulnerability is still regularly used in attacks," he said. "This one will probably end up getting used, too, when a public exploit is made available by someone."
While this new WMF problem is similar to the previous flaw, it impacts a much smaller audience. Only systems running IE 5.01 with Windows 2000 Service Pack 4 are affected. The newest WMF vulnerability will not affect users of IE 6 or other Windows versions.
Sergile said the reason for Microsoft's recent graphics rendering blues has to do with opportunity. "Once an area of weakness is pinpointed, hackers tend to dig at it," he said. "As more eyes turn to that area, more defects are found."