Microsoft Security: First Windows Vulnerability, First Scam Attempt

Article by George Norman (Cybersecurity Editor)

on 05 Jan 2011

Redmond-based software giant Microsoft has made public details on the first Windows vulnerability for 2011 (see Security Advisory 2490606). According to Microsoft, there’s a vulnerability that plagues the Windows Graphics Rendering Engine that could lead to remote code execution. The vulnerability affects Windows XP, Vista, Server 2003, and Server 2008. It does not affect the latest iteration, Windows 7, though, nor does it affect Windows Server 2008 R2.

The vulnerability could be used by someone with malicious intent to inject and execute arbitrary code; the attacker could take full control of a targeted machine if the user is logged on with administrative rights. To exploit the vulnerability, someone with malicious intent would have to send an e-mail with an attached Microsoft Word or PowerPoint file containing a specially crafted thumbnail image and convince the recipient to open it.

The problem is that the Windows Graphics Rendering Engine improperly parses a specially crafted thumbnail image, resulting in a stack overflow. It’s a problem that could allow the attacker to install programs, view, change, or delete data, or create new accounts with full user rights.

Exploit code for this vulnerability is already available – which is bad. Microsoft said that it is not aware of attacks that try to use the reported vulnerability, or of any customer impact, at this time – which is good.

The bottom line is that you must be wary of emails asking you to view an image, click on an image, or download an image – especially unsolicited emails that ask you to check out some image. And speaking of unsolicited emails, there’s a scam making the rounds on the internet asking users to update their operating system. Sophos, a company that specializes in antivirus, anti-spam and spyware-removal software as well as network and internet security, has detected spam messages that invite users to update their Windows operating system and that carry an attached file called KB453396-ENU.zip. That attachment is nothing but a worm.

“Cybercriminals are up to their old tricks, spreading malware under the disguise of a critical security patch from Microsoft,” commented Senior Technology Consultant with Sophos, Graham Cluley. “In the current example, they've spammed out an email containing a worm, which even quotes the real name of a senior member of Microsoft's security team - Steve Lipner - to try to fool you into believing it is genuine. Of course, Mr Lipner has nothing to do with the emails and Microsoft never distributes security updates via email attachments.”
