News Stay informed about the latest enterprise technology news and product updates.

Experts think new critical flaws have legs

Security experts tell administrators to 'Patch now' before the latest bugs bite.

Security researchers are once again sounding the alarm bell, reminding Windows managers to quickly fix the latest flaws made public on Patch Tuesday.

Microsoft sent out seven security bulletins this month, two ranked critical, the most severe rating. According to one expert, exploits should be just around the corner.

"I think we will see an exploit materialize either in a test harness or as an actual public exploit within a few days," said Alain Sergile, a technical products manager with Internet Security Systems Inc.'s X-Force team in Atlanta.

Related news:
They're playing our song: Monthly patch release has that old, familiar feel
Of the two critical flaws, Sergile said, the most serious is addressed by MS06-005. The flaw is in the way Windows Media Player deconstructs bitmap (.bmp) files. The bulletin said hackers could construct a bad file that leads to remote code execution if a user visits a malicious Web site or views a malicious e-mail message. The alert also notes significant user interaction is required to exploit this vulnerability.

Sergile disagreed. "Our researchers looked at some proof-of-concept code and we think it's very easy to exploit," he said.

Sergile said the flaw was especially worrisome because Media Player, which is Microsoft's streaming audio and video tool, is one of the most widely used programs and is loaded by default on most Windows OS versions, such as XP.

Mikko Hypponen, an antivirus research director with the Finnish security firm F-Secure Corp., was not as concerned about the WMP problem. Instead, he turned his attention to this month's other critical flaw MS06-004.

"MS06-004 is nasty," Hypponen said. "This one allows code execution when a corrupted WMF file is viewed with unpatched IE."

Both vulnerabilities are in areas Microsoft has become familiar with recently. Graphics-rendering bugs bit the software maker hard last month when attacker began exploiting another flaw in WMF. Microsoft was forced to push out a patch early due to the severity of the vulnerability, which allowed hackers to take control of a system through a specially crafted WMF image posted on a Web site or sent through e-mail.

Sergile said it is still too early to tell if there will be fallout from January's bug, but noted that most of the machines still vulnerable are not in the enterprise where managers patch fairly quickly. Hypponen said exploits are still circulating and sees a similar path for the new WMF glitch.

"The previous WMF vulnerability is still regularly used in attacks," he said. "This one will probably end up getting used, too, when a public exploit is made available by someone."

While this new WMF problem is similar to the previous flaw, it impacts a much smaller audience. Only systems running IE 5.01 with Windows 2000 Service Pack 4 are affected. The newest WMF vulnerability will not affect users of IE 6 or other Windows versions.

Sergile said the reason for Microsoft's recent graphics rendering blues has to do with opportunity. "Once an area of weakness is pinpointed, hackers tend to dig at it," he said. "As more eyes turn to that area, more defects are found."

Dig Deeper on Enterprise infrastructure management

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.