[ISN] Microsoft offers early fix for critical IE bug

From: InfoSec News (alerts@private)
Date: Tue Sep 26 2006 - 23:14:58 PDT


http://www.networkworld.com/news/2006/092606-microsoft-offers-early-fix-ie.html

By Robert McMillan
IDG News Service
09/26/06

With attackers finding new ways to exploit a critical flaw in Internet 
Explorer, Microsoft has released a patch for the problem, ahead of its 
next scheduled round of security updates.

The patch fixes a critical vulnerability in the way Internet Explorer 
renders Vector Markup Language (VML) graphics. Hackers had been 
exploiting the flaw, which also affects some versions of Outlook, for 
more than a week, and in recent days malicious activity had been on the 
upswing.

The out-of-cycle release is unusual, but not unprecedented.

Microsoft generally releases its security updates on the second Tuesday 
of every month, giving system administrators a predictable way to set 
aside time to test the new software. Occasionally, the company will 
release patches ahead of time if a flaw is being widely exploited by 
attackers. In January it patched a critical flaw in the Microsoft 
Windows Metafile (WMF) image-rendering engine after it became a 
widespread problem.

With attack code that works on the latest version of Windows XP now 
publicly available, the VML bug is shaping up as a very serious concern 
for administrators, said Ken Dunham, the director of Verisign's iDefense 
Rapid Response Team. VML attacks have now "dwarfed the WMF activity in 
the same period of time compared to last year," he said.

By Tuesday, more than 3,000 Web sites were already infecting users with 
malware that exploited the VML bug, according to Dunham. One week into 
the WMF outbreak last January, iDefense saw about 600 sites exploiting 
the problem.

Security experts also warn that there are many variants of the VML 
malware, some of which may be missed by security software. Researchers 
at iDefense are now looking at a dozen possible variations of the VML 
exploit code and have confirmed the existence of seven variants, Dunham 
said. "With WMF there wasn't nearly as much modification. We see a lot 
of different permutations and obfuscation techniques being utilized with 
VML attacks."

A group of security researchers released a patch for the VML flaw late 
last week, independent of Microsoft, but criminals have even found a way 
to exploit the fix.

In the past few days they have been circulating phony e-mails, claiming 
to be a patch for the VML problem. If downloaded, this fake patch 
actually installs malicious software on the victim's system, Dunham 
said.

Microsoft's next regularly scheduled security updates will be released 
Oct. 10.

All contents copyright 1995-2006 Network World, Inc.

