'Extremely Critical Flaw' in Windows Discovered, Already Exploited
Tuesday, January 03, 2006
Microsoft Corp. has issued a security advisory for what Secunia is deeming an "extremely critical flaw" in Windows Metafile Format (.wmf) that is now being exploited on fully patched systems by malicious attackers.
Websense Security Labs is tracking thousands of sites distributing the exploit code from a site called iFrameCASH BUSINESS.
That site and numerous others are distributing spyware and other unwanted software, replacing users' desktop backgrounds with a message that warns of spyware infection and which prompts the user to enter credit card information to pay for a "spyware cleaning" application to remove the detected spyware.
Vulnerable operating systems include a slew of Windows Server 2003 editions: Datacenter Edition, Enterprise Edition, Standard Edition and Web Edition.
Also at risk are Windows XP Home Edition and Windows XP Professional, making both home users and businesses open to attack.
In this fluid attack, researchers have kept up a steady stream of new details about the extent of the exploit's reach, with Google Desktop being the latest reported vector.
F-Secure reported on Wednesday that Google Desktop tries to index image files with the exploit, executing it in the process. F-Secure reports that this exploitation-via-indexing may wind up occurring with other desktop search engines as well.
Google had no immediate comment. To avoid the problem, security experts suggest disabling the feature's indexing of media files, or to remove Google Desktop altogether.
A workaround called REGSVR32 has been posted and was included in Microsoft's advisory. However, it should be noted that as of Thursday evening, some security researchers were reporting that the workaround is not fully successful.
...
Linear Mode
