- Related Stories
-
Microsoft to hunt for new species of Windows bug
January 9, 2006 -
Microsoft pushes out Windows patch ahead of time
January 5, 2006 -
Wait for Windows patch opens attack window
January 3, 2006 -
Windows flaw spawns dozens of attacks
January 3, 2006
The newly disclosed issues could be a conduit for denial-of-service attacks, according to a description sent to the Bugtraq mailing list on Monday. A core function of the Windows operating system, explorer.exe, will crash a vulnerable Windows PC if a user views a specially crafted WMF image, according to the description. Explorer runs the Windows user interface, including the Start menu, taskbar, desktop and file manager.
Microsoft is aware of the problems, a representative for the software maker said in an e-mailed statement. The company had identified these issues before the report and is evaluating fixes for inclusion in the next service pack for the affected products, the representative said.
"Microsoft's initial investigation has found that these are not security vulnerabilities but rather performance issues that could cause an application to stop responding," the representative said.
Microsoft disputes that the flaws can cause Windows to stop responding, but said they may affect an application used to view a WMF image. Such applications include the Windows Picture and Fax Viewer.
"(The issues) may cause the WMF application to crash, in which case the user may restart the application and resume activity," the software maker said. The issues do not allow an attacker to commandeer a Windows system, Microsoft noted.
Word of the new problems comes just days after Microsoft rushed out a critical update for a vulnerability related to the rendering of WMF files. Cybercriminals were taking advantage of that flaw to attack Windows computers via malicious Web sites, Trojan horses and instant-messaging worms.
It is no surprise that more WMF flaws are being found, said Mike Murray, the director of vulnerability and exposure research at nCircle, a vulnerability management company in San Francisco. "When a part of Windows yields up a couple of vulnerabilities, it draws attention, and many malicious researchers start looking at that part more closely," he said.
Bugs affecting components of software typically come out in bunches, Murray said. "A few years ago it was IIS, then SQL Server, then RPC, now it's the Windows Graphics Engine," he said. IIS is Internet Information Services (the Web server part of Windows Server), SQL Server is Microsoft's database product, and RPC is the Remote Procedure Call component.
The newly reported Windows issues aren't as serious as the one Microsoft just patched--at least, not yet, Murray cautioned. "In the current release, they're only denial-of-service attacks. However, it's likely that they could be leveraged to be more severe. "If it's possible to write an exploit to take control of an attacked machine, we'll see one in the next week or two," he said.
Microsoft is not aware of any attacks that use the newly disclosed issues as a conduit, it said.
See more CNET content tagged:
Microsoft Windows Metafile, RPC, Microsoft IIS Server, Microsoft SQL Server, representative




Don't get me wrong---Windows isn't "evil" or anything... It's just that I'm sick and tired of "my" operating system obeying every whim of everyone on the internet but me! (the first time I got pr0n-reg-hacked I was furious! :)) It just seems like a really poor permissions model... running *NOT* in administrator mode takes away 85% of my functionality, and running in administrator mode is like waterskiing on liquid hot magma.
"switch OSes l4m3xx0rz!!!!110101!!!" My response is "hack windows better and I will!!" ha...
:|
__________________________________
R.K.
http://www.Remove-All-Spyware.com/
This translates into "Critical unless we don't care about you anymore". The drop of support for these older versions brought an outcry that Microsoft could and would allow the Operation System to remain vulnerable to multiple points of attack in an effort to force users to buy new versions. Seems the fears have come true, but I don't see much about this issue yet.
Or are you not actually running one of those but just sounding off because you feel like complaining?
- MS judgment
- by January 10, 2006 7:26 AM PST
- I'm not sure relying on Microsoft's opinion regarding how critical a
- Reply to this comment
-
(6 Comments)vulnerability is would be a good idea.... I mean... look at their
judgments in the past... they have not been very good at picking
what is critical and what is not.