New VML Flaw in Windows Captures PCs
A company that specializes in building attacks for penetration testing developed a working exploit for a flaw fixed by a critical Microsoft patch within hours of the patch's release, TechWeb reported on January 16, 2007.
According to U.S. media reports, Immunity, a security services company, has created an exploit that seizes a Windows PC through a flaw in the VML parser in Internet Explorer versions 6 and 7. The flaw was announced in Microsoft's security bulletin of last Tuesday, January 9, 2007.
Microsoft highlighted the VML hole in bulletin MS07-004, which covers Windows XP computers running Internet Explorer 5.01, 6.0 and 7. Researchers point to its similarity to a VML vulnerability for which an 'out of cycle' patch was issued in September 2006.
However, Immunity is offering its exploit only to customers who pay a fee to participate in its partner program. Within the program, they use the exploit to create signatures for intrusion detection systems and devices for penetration tests.
The firm's exploit is not the first of its kind to target the VML flaw. Microsoft writes in a security bulletin that the flaw was exploited even before the company released a patch for it. Microsoft, however, does not say who exploited the flaw or how often. The company advises its users to install the patch as early as possible.
Fortunately, the vulnerability can be exploited only for denial-of-service attacks. Since it does not allow injection of code into memory, the vulnerability cannot be used to execute malicious code on a system.
Some security researchers have assigned a high priority to fixing the VML bug. They advise individuals and businesses to deploy the fix because the bug is being actively exploited. Hackers could use the vulnerability to capture computers by luring users to a malicious website. Just by viewing the maliciously crafted page, a user can lose control of his PC.
The time gap between the discovery of a vulnerability and the appearance of an active exploit continues to shrink. This phenomenon has become so pervasive that some have named the day after 'Patch Tuesday' "Exploit Wednesday".
» SPAMfighter News - 19-01-2007