Skip to comments.PCs falling victim to Windows flaws ~~ Some new threats
Posted on 07/13/2005 10:56:59 PM PDT by Ernest_at_the_Beach
By Joris Evers
Story last modified Tue Jul 12 14:30:00 PDT 2005
Hackers are actively exploiting two serious security vulnerabilities in Windows, Microsoft warned on Tuesday as it released "critical" alerts about the flaws.
One of the problems affects the Microsoft Color Management Module, a component of Windows that handles colors. The other relates to the JView Profiler, part of Microsoft's Java Virtual Machine. The vulnerabilities could be used to commandeer a PC, Microsoft said.
"Attackers are already using the JView Profiler flaw to download and install Trojan horses on victims' machines," said Dan Hubbard, senior director at Websense Security Labs. The Trojan horses would let the miscreants remotely control the hijacked PCs and make it part of a network of such computers known as a botnet, an increasing cyberthreat.
The Windows vulnerabilities are described in two bulletins issued as part of Microsoft's monthly patch cycle. A third alert deals with a bug affecting Word 2000 and Word 2002. The Word flaw could allow an attacker to take control of a vulnerable PC, the software maker said.
All three bulletins get Microsoft's highest security rating, but only the Windows flaws are actively being used to attack users, Microsoft said. The company is encouraging all customers to apply its updates. Security software vendor Symantec said in a statement that the JView Profiler and Color Managament Module issued that affect Windows are "the most serious" of Microsoft's three new security bulletins.
Modes of attack
An intruder could take advantage of the JView Profiler flaw by crafting a malicious Web page and persuading a user to visit the site, Microsoft said. The vulnerability has been publicly known since late last month, and Microsoft last week offered a fix for the problem, but did not send it out via its automatic patching services. The patch will now go out on Automatic Updates and on other services from Microsoft.
As for the Color Management Module vulnerability, people could fall victim to an attack by viewing a malicious image, said Stephen Toulouse, a security program manager at Microsoft.
"You could visit a Web page, and if you have not applied the update, malicious code could execute," Toulouse said. "You could click on a maliciously formed image attached to an e-mail, or you could just preview an image in an e-mail."
Because attackers have more than one way of enticing potential victims, Microsoft deemed the Color Management flaw critical, he noted.
Although the vulnerability was privately reported, Microsoft said, it is already being used in attempts to attack users.
"We have not seen a public posting detailing how to exploit the vulnerability," Toulouse said. "However we have been made aware that there are people attempting to exploit it."
Neel Mehta, a team lead at Internet Security Systems, said he expects a public exploit for the image problem within the week. "It is being analyzed by the underground. Exploitation of this issue will likely be widespread when a public exploit appears," he said.
The JView Profiler and the Color Management flaw affect all current Windows and Windows Server operating systems, including Windows XP with Service Pack 2 and Windows Server 2003 with Service Pack 1, the most recent versions that Microsoft has promoted as its most secure releases ever.
It took longer to read the article than the 10 second automatic update took yesterday.
Which one was the update for?
I don't understand the question. I would suppose that all the threats in blood red ink above were patched if I read it correctly. How's the Linux install working for you?
Linux is doing good for me, I just use it for browsing the web.
I'm playing around with one called GoboLinux, can run from a CD, and it has a different scheme for its organization which, supposedly helps with updates.
Course I haven't broken the code on how to get it installed on a HD yet. Says it writes the Grub bootmanager ok, but I don't think it does/ must be a bug.
Well you study up, and I'll come to you for info if I ever decide to throw a different OS on something. :)
Windows Security Ping
"Windows", meaning what? 98, 98SE, ME, 2000, XP...?
I think the only one Microsoft does any maintenance on is XP!
I know, which is why I keep my XP machine off of the web. I do Web browsing with a totally separate Linux machine.