http://seattlepi.nwsource.com/business/253931_msftflaw30.html By ROCHELLE GARNER BLOOMBERG NEWS December 30, 2005 A newfound flaw in Microsoft Corp.'s Windows operating system is being used by hackers to install malicious code on personal computers. Users can infect their computers by visiting certain Web sites that are able to exploit some Windows-based applications, Internet security company Panda Software said. It called the discovery "one of the most serious vulnerabilities recently detected." The flaw in the world's most popular software leaves PCs open to adware and spyware as well as Trojans, which can hide damaging programs. Internet Explorer, Outlook and the Windows Picture and Fax viewer are used to insert the potentially harmful code, said Patrick Hinojosa, chief technology officer of Panda. "Because this exploits particular programs on Windows, rather than Windows itself, your machine can get infected simply by visiting a Web site that's set up to exploit the flaw," Hinojosa said. Microsoft is investigating reports of the problem, the company said on its Web site. It hasn't yet developed a security patch, and recommends that customers use caution and keep antivirus software up to date. Panda found cases of infection almost immediately after the flaw was first reported Tuesday, Hinojosa said. Web sites exploiting the security lapse include toolbarbiz.biz and buytoolbar.biz, Panda said. The sites are set up to install malicious code by using the way applications process Windows Metafiles to show images. Microsoft has been working to improve the security of Windows, which has come under attack from more than 17,000 computer viruses and worms. The latest vulnerability was found in Windows XP, Windows 2000 and Windows NT systems. Panda said it is still testing Windows 98 for the flaw. _________________________________________ Earn your Master's degree in Information Security ONLINE www.msia.norwich.edu/csi Study IA management practices and the latest infosec issues. Norwich University is an NSA Center of Excellence.
This archive was generated by hypermail 2.1.3 : Fri Dec 30 2005 - 19:29:50 PST