Latest Security Threats
On Christmas Eve, Symantec's Security Response service confirmed
that unpatched security flaws in Windows operating systems could
pose a serious risk of exploitation through malicious web pages and
email messages.
A warning was issued to Symantec subscribers about three new serious
vulnerabilities found in the Windows operating system, which could
potentially affect every Microsoft Windows user. Sr. Director of
Symantec Security, Alfred Huger, says that two of the three identified
vulnerabilities could potentially be used to install malicious code,
such as adware and spyware, on an unsuspecting victim's computer
and take complete control of the system.
Nice Image, Bad Code
Problem #1 - Microsoft Windows image processing contains
a flaw referred to as the Microsoft Windows LoadImage API Function
Integer Overflow Vulnerability. This is a remotely exploitable vulnerability
in the LoadImage API function used by many Web browsers and email
clients. In practice, this security flaw can be exploited simply by
visiting a malicious website or opening an HTML email containing an
image with hidden malicious code. This one is scary because the
malicious image needs only to be viewed: no interaction from the user
is required to activate the malicious code. Users who open an HTML
email message or Web page hosting a malicious image could be at risk.
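The following is an added example, not code from Symantec, Microsoft or
the LoadImage function itself. It shows the general pattern behind an
integer-overflow image bug: a size calculated from header fields wraps
around, the decoder allocates a buffer far smaller than the pixel data,
and the subsequent write overruns it. The 12-byte header layout, the
field names and the two sample headers are constructed for this example
and are not the real bitmap or icon format that LoadImage parses.

```c
/* Added example (not Symantec's or Microsoft's code): integer overflow in
 * an image-size calculation, next to the checked calculation that prevents
 * it. Header layout and names are constructed for this example. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

struct toy_image_header {
    uint32_t width;
    uint32_t height;
    uint32_t bits_per_pixel;
};

/* Read a little-endian 32-bit value from untrusted file bytes. */
static uint32_t read_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Parse the constructed 12-byte header; fails if the input is too short. */
bool parse_toy_header(const uint8_t *buf, size_t len,
                      struct toy_image_header *h)
{
    if (buf == NULL || len < 12) return false;
    h->width = read_le32(buf);
    h->height = read_le32(buf + 4);
    h->bits_per_pixel = read_le32(buf + 8);
    return true;
}

/* Vulnerable pattern: a 32-bit multiply with no overflow check. For a
 * 65536 x 65536 x 32-bit image the product wraps to 0, so the decoder
 * allocates a tiny buffer and then writes width*height pixels into it:
 * a heap overflow driven entirely by header fields. */
uint32_t pixel_bytes_unchecked(const struct toy_image_header *h)
{
    return h->width * h->height * (h->bits_per_pixel / 8);
}

/* Hardened pattern: reject unsupported depths and any product that does
 * not fit in 32 bits, so the allocation always matches what is written. */
bool pixel_bytes_checked(const struct toy_image_header *h, uint32_t *out)
{
    uint32_t bytes_pp = h->bits_per_pixel / 8;
    if (bytes_pp == 0 || bytes_pp > 4 || h->width == 0 || h->height == 0)
        return false;
    if (h->width > UINT32_MAX / bytes_pp) return false;   /* row overflow */
    uint32_t row = h->width * bytes_pp;
    if (h->height > UINT32_MAX / row) return false;       /* total overflow */
    *out = row * h->height;
    return true;
}

/* Constructed sample headers (little-endian fields). */
const uint8_t benign_header[12] = {
    0x80, 0x02, 0x00, 0x00,   /* width  640 */
    0xE0, 0x01, 0x00, 0x00,   /* height 480 */
    0x20, 0x00, 0x00, 0x00,   /* 32 bits per pixel */
};
const uint8_t crafted_header[12] = {
    0x00, 0x00, 0x01, 0x00,   /* width  65536 */
    0x00, 0x00, 0x01, 0x00,   /* height 65536 */
    0x20, 0x00, 0x00, 0x00,   /* 32 bits per pixel */
};

/* Parse a raw header and compute its size the safe way. */
bool header_size_is_safe(const uint8_t *buf, size_t len, uint32_t *size)
{
    struct toy_image_header h;
    return parse_toy_header(buf, len, &h) && pixel_bytes_checked(&h, size);
}

/* Same header through the unchecked arithmetic, for comparison. */
uint32_t header_size_unchecked(const uint8_t *buf, size_t len)
{
    struct toy_image_header h;
    if (!parse_toy_header(buf, len, &h)) return 0;
    return pixel_bytes_unchecked(&h);
}

int main(void)
{
    uint32_t size;
    if (header_size_is_safe(crafted_header, sizeof crafted_header, &size))
        printf("crafted header accepted: %u bytes\n", size);
    else
        printf("crafted header rejected (unchecked math gave %u bytes)\n",
               header_size_unchecked(crafted_header, sizeof crafted_header));
    return 0;
}
```

The unchecked path silently returns 0 bytes for the crafted header, which
is the allocation the decoder would then overrun; the checked path refuses
the header before any memory is allocated.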
Symantec recommends its customers update their virus definitions
with the latest updates, which include the Bloodhound.Exploit.19
signature. This signature will prevent exploitation of the Microsoft
Windows LoadImage API Function Integer Overflow flaw.
For more information and updates about this vulnerability, visit
the Microsoft TechNet Web site.
Click With Caution
Problem #2 - Another flaw that can be delivered and exploited
via HTML is the Microsoft Windows Kernel ANI File Parsing Crash
and DoS Vulnerability.
According to Symantec, when a malicious ANI file is encountered
the result is a Denial of Service. Exploitation of this security
hole results in a crash and subsequent restart of any vulnerable
system.
ANI is the Windows animated cursor file format, which stores a
sequence of image frames. It is reported that a remote user can create
a specially crafted Windows animated cursor file (ANI file) that, when
loaded by the target user, will cause their system to crash. This
happens because the software does not properly validate the
user-supplied frame and rate counts in the ANI file header.
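The following is an added example, not Microsoft's cursor loader. It is a
validating parser for the ANI container (a RIFF file of form type "ACON")
that cross-checks the frame and step counts in the anih header against
the chunks that actually follow, and checks every chunk size field against
the bytes really present, rather than trusting either. The assumed anih
layout is nine little-endian DWORDs (cbSize, cFrames, cSteps, cx, cy,
cBitCount, cPlanes, JifRate, flags); ANI_MAX_STEPS is a sanity cap chosen
for this example, and the three sample files are constructed.

```c
/* Added example (not Microsoft's code): a validating ANI header parser.
 * Assumed anih layout: nine LE DWORDs; ANI_MAX_STEPS is an assumption. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum ani_status {
    ANI_OK = 0,
    ANI_BAD_RIFF,       /* not RIFF/ACON, or container length does not fit */
    ANI_BAD_CHUNK,      /* a chunk size field runs past the end of the data */
    ANI_NO_ANIH,        /* header missing, or rate/seq seen before it */
    ANI_BAD_ANIH,       /* anih chunk has the wrong size */
    ANI_BAD_COUNT,      /* zero or absurd frame/step counts */
    ANI_RATE_MISMATCH   /* rate or seq chunk length != cSteps * 4 */
};

#define ANIH_SIZE     36u
#define ANI_MAX_STEPS 4096u   /* assumption: sanity cap for this example */

struct ani_info { uint32_t frames, steps, jif_rate; bool have_anih; };

static uint32_t le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

enum ani_status validate_ani(const uint8_t *buf, size_t len,
                             struct ani_info *info)
{
    struct ani_info local;
    if (info == NULL) info = &local;
    memset(info, 0, sizeof *info);

    if (len < 12 || memcmp(buf, "RIFF", 4) != 0 ||
        memcmp(buf + 8, "ACON", 4) != 0)
        return ANI_BAD_RIFF;
    /* The RIFF length covers everything after the 8-byte RIFF header. */
    uint32_t riff_len = le32(buf + 4);
    if (riff_len < 4 || riff_len > len - 8) return ANI_BAD_RIFF;

    size_t pos = 12, end = 8 + riff_len;
    while (pos < end) {
        if (end - pos < 8) return ANI_BAD_CHUNK;
        const uint8_t *tag = buf + pos;
        uint32_t csize = le32(buf + pos + 4);
        pos += 8;
        /* A size field from the file is never trusted past the buffer. */
        if (csize > end - pos) return ANI_BAD_CHUNK;

        if (memcmp(tag, "anih", 4) == 0) {
            if (csize != ANIH_SIZE || le32(buf + pos) != ANIH_SIZE)
                return ANI_BAD_ANIH;
            info->frames = le32(buf + pos + 4);
            info->steps = le32(buf + pos + 8);
            info->jif_rate = le32(buf + pos + 28);
            if (info->frames == 0 || info->steps == 0 ||
                info->frames > ANI_MAX_STEPS || info->steps > ANI_MAX_STEPS)
                return ANI_BAD_COUNT;
            info->have_anih = true;
        } else if (memcmp(tag, "rate", 4) == 0 || memcmp(tag, "seq ", 4) == 0) {
            if (!info->have_anih) return ANI_NO_ANIH;
            /* steps <= ANI_MAX_STEPS, so this multiply cannot wrap. */
            if (csize != info->steps * 4u) return ANI_RATE_MISMATCH;
        }
        pos += csize + (csize & 1u);   /* RIFF chunks are word-aligned */
    }
    return info->have_anih ? ANI_OK : ANI_NO_ANIH;
}

/* Little-endian DWORD as four initializer bytes. */
#define LE32(x) (uint8_t)((x) & 0xff), (uint8_t)(((x) >> 8) & 0xff), \
                (uint8_t)(((x) >> 16) & 0xff), (uint8_t)(((x) >> 24) & 0xff)

/* Constructed: one frame, two steps, and a matching 8-byte rate chunk. */
const uint8_t ani_valid[] = {
    'R','I','F','F', LE32(64), 'A','C','O','N',
    'a','n','i','h', LE32(36), LE32(36), LE32(1), LE32(2), LE32(32), LE32(32),
                               LE32(32), LE32(1), LE32(10), LE32(1),
    'r','a','t','e', LE32(8),  LE32(10), LE32(20),
};
/* Constructed: cSteps claims 1<<30 entries while the rate chunk holds two. */
const uint8_t ani_huge_steps[] = {
    'R','I','F','F', LE32(64), 'A','C','O','N',
    'a','n','i','h', LE32(36), LE32(36), LE32(1), LE32(0x40000000u), LE32(32),
                               LE32(32), LE32(32), LE32(1), LE32(10), LE32(1),
    'r','a','t','e', LE32(8),  LE32(10), LE32(20),
};
/* Constructed: the rate chunk's size field points far past the file end. */
const uint8_t ani_oversized_chunk[] = {
    'R','I','F','F', LE32(64), 'A','C','O','N',
    'a','n','i','h', LE32(36), LE32(36), LE32(1), LE32(2), LE32(32), LE32(32),
                               LE32(32), LE32(1), LE32(10), LE32(1),
    'r','a','t','e', LE32(0x1000), LE32(10), LE32(20),
};

int main(void)
{
    struct ani_info info;
    printf("valid: %d\n", (int)validate_ani(ani_valid, sizeof ani_valid, &info));
    printf("  %u frame(s), %u step(s)\n", info.frames, info.steps);
    printf("huge cSteps: %d\n",
           (int)validate_ani(ani_huge_steps, sizeof ani_huge_steps, NULL));
    return 0;
}
```

The point of the design is that the header is only a claim: the step count
is capped before it is used in any arithmetic, and the rate chunk's real
length must agree with it, so a forged count can neither drive an
oversized loop nor an out-of-bounds read.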
For more information and to search for any available patches for
this vulnerability, visit the Microsoft Windows Update Center and
download any critical updates.
Microsoft Help Files: Not So Much Help
Problem #3 - The Microsoft Windows winhlp32.exe Heap Overflow
Vulnerability has been reported in the winhlp32.exe application
used to interpret help files and is considered a high-risk issue.
Decoding errors during the parsing of a malicious help file could
cause a heap buffer overflow that could then be exploited.
What does that mean?
Generally speaking, a buffer overflow results from a common coding
error: programmers do not allocate a large enough buffer, or holding
area, and do not check for overflows. An overflow occurs any time the
program writes more information into the buffer than the space it has
allocated in memory. This allows an attacker to overwrite data that
controls the program's execution path and hijack control of the
program to execute the attacker's code instead of the program's own code.
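The following is an added example and not winhlp32 code. It shows the
pattern just described as a toy decoder for a length-prefixed text record:
the vulnerable version copies as many bytes as the file says, the hardened
version bounds that length against both the record and the destination
before copying. The record layout (a 2-byte little-endian length followed
by that many bytes of text), TOPIC_CAPACITY and the sample records are
constructed for this example.

```c
/* Added example (not winhlp32 code): unchecked versus checked copy of a
 * length-prefixed record. Record layout and sizes are constructed. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TOPIC_CAPACITY 32            /* fixed-size destination buffer */

struct topic { char text[TOPIC_CAPACITY]; };

static size_t record_length(const uint8_t *rec)
{
    return (size_t)rec[0] | ((size_t)rec[1] << 8);
}

/* Vulnerable: the length comes from the file and is never compared with
 * the buffer it is copied into. A record claiming more than 32 bytes makes
 * memcpy run past the end of t->text into whatever follows it in memory,
 * which is the data-corruption step described in the text above. */
size_t decode_topic_unchecked(const uint8_t *rec, struct topic *t)
{
    size_t n = record_length(rec);
    memcpy(t->text, rec + 2, n);     /* no bounds check */
    return n;
}

/* Hardened: bounds the length against both the source record and the
 * destination capacity (keeping one byte for the terminator) before copying. */
bool decode_topic_checked(const uint8_t *rec, size_t rec_len, struct topic *t)
{
    if (rec == NULL || rec_len < 2) return false;
    size_t n = record_length(rec);
    if (n > rec_len - 2) return false;       /* claims more than is present */
    if (n >= TOPIC_CAPACITY) return false;   /* would overrun t->text */
    memcpy(t->text, rec + 2, n);
    t->text[n] = '\0';
    return true;
}

/* Bytes the unchecked decoder would write past the end of t->text for
 * this record, computed without performing the write. */
size_t unchecked_overrun(const uint8_t *rec)
{
    size_t n = record_length(rec);
    return n > TOPIC_CAPACITY ? n - TOPIC_CAPACITY : 0;
}

/* Constructed records. */
const uint8_t benign_record[] = { 0x0F, 0x00, 'G','e','t','t','i','n','g',' ',
                                  'S','t','a','r','t','e','d' };
const uint8_t crafted_record[] = {
    0x40, 0x00,   /* claims 64 bytes: twice the destination capacity */
    'A','A','A','A','A','A','A','A','A','A','A','A','A','A','A','A',
    'A','A','A','A','A','A','A','A','A','A','A','A','A','A','A','A',
    'A','A','A','A','A','A','A','A','A','A','A','A','A','A','A','A',
    'A','A','A','A','A','A','A','A','A','A','A','A','A','A','A','A',
};
const uint8_t truncated_record[] = { 0x40, 0x00, 'A', 'B' }; /* claims 64, has 2 */

struct topic scratch_topic;   /* shared destination for the demo and tests */

int main(void)
{
    if (decode_topic_checked(benign_record, sizeof benign_record, &scratch_topic))
        printf("decoded: %s\n", scratch_topic.text);
    if (!decode_topic_checked(crafted_record, sizeof crafted_record, &scratch_topic))
        printf("crafted record rejected; unchecked copy would overrun by %zu bytes\n",
               unchecked_overrun(crafted_record));
    return 0;
}
```

The two checks in decode_topic_checked are independent: the first stops an
out-of-bounds read of a short file, the second stops the out-of-bounds
write that the text above describes. Both are needed.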
For more information and to search for any available patches for
this vulnerability, visit the Microsoft Windows Update Center and
download any critical updates.
And Then There Were Four
We have discussed the latest flaws discovered within the Windows
operating system, but because there are so many Internet Explorer
users out there, I also wanted to warn you about a spoofing flaw
recently uncovered by researchers within Microsoft's Internet Explorer.
According to researchers, it has been confirmed that IE contains
yet another bug which could allow scammers to display a fake Web
site with all the characteristics of a genuine, secure site, including
the URL and padlock icon indicating SSL security.
This vulnerability is found within Internet Explorer's default
ActiveX controls. Generally, when scammers spoof a site they need
some weakness on the site they want to manipulate, which restricts
what they can do. However, this flaw is present in IE by default
and makes it possible for hackers to inject their own content
into any Web site. There is no way for a Web site to protect itself
against such an attack and, currently, there is no patch to fix
this bug.
Secunia, a company that monitors vulnerabilities in more than
4,000 products, offers an online demonstration to test whether your
browser is vulnerable.
For more information about your particular browser and to take
the test, go to:
http://secunia.com/multiple_browsers_window_injection_vulnerability_test/
Common Sense Advice
To protect your PC, the usual common sense policies and practices
apply.
* Update your virus definitions as soon as possible. This should
be done regardless of your anti-virus software provider.
* Go to the Windows Update Web site and download any critical updates
for your operating system.
* Block any and all email attachments with .hlp extensions regardless
of the source.
* Avoid new sites or ones which are questionable or untrustworthy.
* Read email in plain text format, or configure your email software
to block images.
* And last but certainly not least, the one piece of advice that
always applies: do not open email messages from people or sources
you do not know.
Until patches are issued to fix these flaws, any contact between
a user's PC and the Internet, including browsing, from any
Microsoft Windows platform or Internet Explorer may result in a
security compromise.
Get More Information
Windows Security Updates - Get a list of all security updates released
by Microsoft for 2004.
U.S. Computer Emergency Readiness Team (US-CERT) - A government agency
that publishes information on the most frequent, high-impact types of
security incidents currently being reported to US-CERT.
Finjan - Finjan uses an integrated approach to secure content management.
Their proactive security solutions utilize patented Behavior Blocking
technology, which scans all potentially malicious content and verifies
that the inspected behaviour aligns with your organization's predefined
security policy.
Sophos - Leading provider of anti-virus, anti-spam, and email policies
for business.
Secunia - Provides up-to-date advisories on the latest threats.
10 tips to save your PC this festive season - Tips for better security
to keep your machine safe.
2004 Virus Hall of Fame - Panda Software, a leading anti-virus provider,
issues its malware hall of fame list.
Disclaimer - The Micro 2000 Tech Tip is a free service
providing information only. While we use reasonable care to see
that this information is correct, we do not guarantee it for accuracy,
completeness or fitness for a particular purpose. Micro 2000, Inc.
shall not be liable for damages of any kind in connection with the
use or misuse of this information.