Microsoft Warns of Attacks on Unpatched Windows, IE and Office Flaws
Microsoft is warning Windows users about three separate flaws widely deployed in the operating system that bad guys are using to install spyware when users merely visit a nasty Web site or open a maliciously crafted Powerpoint deck.
The flaw in the Windows OS was discovered back in July by researcher HD Moore of Breakingpoint Systems. The discovery came as part of Moore's month-of-browser-bugs experiment, in which he unveiled a new browser flaw each day for a month.
This particular Windows bug, which you may see referred to by the vulnerable component of the browser -- "WebViewFolderIcon setslice," can be exploited to install spyware on PCs merely when someone visits a malicious site with IE or opens a specially crafted e-mail (although Microsoft says that customers who are running Windows Server 2003 and Windows Server 2003 Service Pack 1 in their default configurations, with the Enhanced Security Configuration turned on, are not affected.)
Websense says its researchers have spotted this exploit on a number of sites known to be controlled by the same Russian hacking outfit that Security Fix previously credited with some fairly nasty past exploits. Websense notes that "the fact that they are using the exploit code poses a significant risk due because their ability to attract users to sites via search engines and email spam campaigns."
Meanwhile, Roger Thompson over at Exploit Prevention Labs reports that this flaw also is being used at sites that try to install the CoolWebSearch program, a family of pop-up ad spewing browser hijacking software that can be extremely difficult to remove from your system.
Microsoft is warning of yet another flaw in PowerPoint that criminals are using to install malware. Typically, these types of vulnerabilities have been used by groups to conduct very successful targeted attacks against businesses and the federal government, in most cases to install password-stealing tools. Microsoft says most of its currently supported versions of PowerPoint are vulnerable, including Microsoft PowerPoint 2000, Microsoft PowerPoint 2002, Microsoft Office PowerPoint 2003, Microsoft PowerPoint 2004 for Mac, and Microsoft PowerPoint v. X for Mac.
What's probably most interesting about this PowerPoint flaw, according to a blog post from anti-virus maker McAfee, is the fact that it appears that Microsoft's antivirus product added detection for this exploit back on Sept. 23, but the company didn't put out a public advisory on the threat until Sept. 27. McAfee said the delay suggests that "Microsoft's security team knew of this in-the-wild attack but did not make the information public." If true, that is pretty unfortunate.
Finally, there is yet another Internet Explorer bug being exploited in the wild, according to Microsoft. This one doesn't appear to be widely exploited yet, but that's probably a matter of time. Check out Sunbelt Software's write-up of a case they found of this thing being wielded to install malware.
A couple of points: If you use IE, consider upgrading to IE 7, which doesn't appear to be affected by any of this stuff. Also, as always, it's a good idea never to click on an attachment -- PowerPoint or otherwise -- sent to you in e-mail that you were not expecting. When in doubt, e-mail the sender and ask whether they really meant to send you that file and why you should open it. Also, scan all e-mail attachments with anti-virus software before downloading and opening them.
And if you're a Windows user, set your system to download software updates automatically -- more information here.
The comments to this entry are closed.