[ISN] Microsoft warns of new Windows bug, says attacks under way

From: InfoSec News <alerts_at_private>
Date: Thu, 11 Dec 2008 00:27:09 -0600 (CST)
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9123100

By Gregg Keizer
December 10, 2008 
Computerworld

On the same day that Microsoft Corp. released its biggest batch of 
security patches in more than five years, the company also warned 
Windows users of a critical bug that it didn't get around to fixing.

In an advisory posted yesterday, Microsoft said that "limited and 
targeted" attacks are in progress by hackers exploiting an unpatched 
vulnerability in the WordPad Text Converter, a tool included with all 
versions of Windows. The flawed converter handles Microsoft Word 97 
files on Windows 2000 Service Pack 4 (SP4), XP SP2, Server 2003 SP1 and 
SP2.

Newer versions of Windows -- XP SP3, Vista and Server 2008 -- are not 
vulnerable to the bug, however.

WordPad is a basic word processor that has been bundled with Microsoft's 
operating system since Windows 95. The converter allows people who don't 
have the company's Word application to open documents in Windows Write, 
Word 6.0, Word 97, Word 2000 and Word 2002 formats.

Microsoft said that the WordPad converter bug requires some help from 
the user, who must be tricked into actually opening a malicious file -- 
most likely delivered as an e-mail attachment.

[...]


_______________________________________________      
Help InfoSecNews.org with a donation!
http://www.infosecnews.org/donate.html
Received on Wed Dec 10 2008 - 22:27:09 PST

This archive was generated by hypermail 2.2.0 : Wed Dec 10 2008 - 22:52:20 PST