
New Zero-Day Flaw in Windows XP

A zero-day flaw has been reported in a system component of Microsoft's Windows XP.

The U.S.-CERT has warned users about a vulnerability in Microsoft's Windows libraries which, if exploited, could allow a hacker to execute malicious code on a victim's computer.

In an online advisory, the security company described a buffer overflow vulnerability that occurs in the MFC71 and MFC42 libraries provided locally in Windows.

The flaw exists because the "FindFile" function fails to validate the length of the input the user supplies, warned U.S.-CERT researchers. InformationWeek reported this on September 19, 2007. By manipulating the FindFile function, it may be possible for an attacker to trigger a buffer overflow and run arbitrary code on an affected system.
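The advisory gives no code, so the following is an added example (not from Microsoft, Secunia or the advisory) of the general bug class described above: an unchecked copy of caller-supplied input into a fixed buffer, shown beside a length-validated form. The names `finder`, `finder_set_unchecked`, `finder_set_checked` and the 260-byte buffer size are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define PATH_BUF 260  /* assumed buffer size, for illustration only */

struct finder { char pattern[PATH_BUF]; };  /* fixed-size search string */

/* Flawed form: no length check, so input of PATH_BUF bytes or more is
 * written past the end of f->pattern. Shown for contrast, never called. */
int finder_set_unchecked(struct finder *f, const char *name)
{
    strcpy(f->pattern, name);
    return 0;
}

/* Length of s, looking at no more than max bytes. */
static size_t bounded_len(const char *s, size_t max)
{
    size_t n = 0;
    while (n < max && s[n] != '\0')
        n++;
    return n;
}

/* Hardened form: measure first, reject instead of truncating.
 * Returns 0 on success, -1 if the input is missing or does not fit. */
int finder_set_checked(struct finder *f, const char *name)
{
    if (f == NULL || name == NULL)
        return -1;
    size_t len = bounded_len(name, PATH_BUF);
    if (len >= PATH_BUF) {           /* no room left for the terminator */
        f->pattern[0] = '\0';        /* leave a defined, empty state */
        return -1;
    }
    memcpy(f->pattern, name, len + 1);   /* len + 1 copies the '\0' too */
    return 0;
}

int main(void)
{
    struct finder f;
    char big[PATH_BUF + 64];             /* constructed over-long input */
    memset(big, 'A', sizeof big - 1);
    big[sizeof big - 1] = '\0';
    printf("%d %d\n", finder_set_checked(&f, "*.doc"), finder_set_checked(&f, big));
    return 0;
}
```

Rejecting over-long input, rather than silently truncating it, keeps the stored search string from differing from what the caller asked for.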

Secunia explained that when a user opens any document requiring the function, the resulting crash could make it possible to run malicious code on the user's affected system. Secunia has rated the flaw as "moderately critical", the third alert level out of its five levels.

The vulnerability has no fix at present. Secunia further said that the programs that can access the component are version 2.1 of the software installer for HP's All-In-One series and Photo & Imaging Gallery 1.1.

Secunia stated that researcher Jonathan Sarba, working at GoodFellas' Security Research Team, had discovered the flaw.

GoodFellas informed Microsoft about the bug on June 21, 2007, but Microsoft responded only in early September 2007, saying that it was developing a fix.

Microsoft's security program manager, Christopher Budd, told InformationWeek via e-mail that Microsoft was investigating reports that indicated a possible flaw in Windows. InformationWeek reported this on September 19, 2007.

Microsoft currently does not have any reports of attacks using the claimed flaw, Budd added. The company would determine measures that customers could adopt to protect themselves once Microsoft confirms the vulnerability. After completing the investigation, Microsoft will act appropriately by supplying a security patch through the bulletin it releases every month, issuing an extra update outside the monthly bulletin, or providing useful tips for customers.


» SPAMfighter News - 10/8/2007
