Oops! Missed One Fix — Windows Attacks Under Way
CWmike writes "Microsoft says attackers are now exploiting a critical Windows bug that it didn't get around to fixing in its biggest batch of security patches in more than five years, issued yesterday. Microsoft said that 'limited and targeted' attacks are in progress by hackers exploiting an unpatched vulnerability in the WordPad Text Converter, a tool included with all versions of Windows. If Microsoft patches the WordPad problem on its monthly schedule, the first opportunity for fixing the flaw would be Jan. 9, 2009." Update: 12/10 22:28 GMT by T : OK, there might have been more than one: reader Simon (S2) writes "There is an even more serious flaw ... From SANS: 'There is a 0-day exploit for Internet Explorer circulating in the wild. At this point in time it does not appear to be wildly used, but as the code is publicly available we can expect that this will happen very soon. This is a brand new exploit that is *not* patched with MS08-073 that was released yesterday. I can confirm that the exploit works in a fully patched Windows XP machine. The exploit is a typical heap overflow that appears to be exploiting something in the XML parser.'"
I don't understand (Score:5, Interesting)
Re:WordPad? (Score:2, Interesting)
Are .rtf files now unsafe on Windows?
Btw, the answer is yes, they are unsafe on Windows; if you want to keep them safe, move your .rtf files to a Linux machine ASAP. But they are not vulnerable to this exploit.
Re:That's good thinking... (Score:5, Interesting)
Not at all. You see - exploits are only developed by analyzing patches. What you have here is a very advanced malware developer. For they had gazed on the patch and, instead of seeing the vulnerabilities being patched, they saw the one that was not. It's all very Zen.
Actually - it's not the first time [com.com] Microsoft's patch cycle has been gamed.
Here's the Exploit Code (Score:2, Interesting)
Re:I don't understand (Score:3, Interesting)
Is it just me, or would this attack be impossible if Windows used MIME types correctly?
E.g., on Linux it generally doesn't matter what the file extension is; it always opens in the correct program due to the MIME type being used to determine the program and not the file extension.
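The extension-versus-content distinction raised in the comment above, as an added example that is not part of the thread: a triage check that sniffs a file's leading bytes and flags files whose extension disagrees with them. The function names, the `EXPECTED` policy table and the sample bytes are constructed for this example; the three signatures are the standard leading bytes of RTF, the legacy OLE2 Office container and ZIP-based .docx.

```python
"""Flag files whose extension disagrees with their leading bytes."""
from pathlib import PurePath

# Leading-byte signatures for the document types discussed in the story.
SIGNATURES = [
    (b"{\\rtf", "rtf"),                             # Rich Text Format
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole2"),  # legacy Word/Office container
    (b"PK\x03\x04", "zip"),                         # OOXML (.docx) container
]

# Content each extension is expected to carry (policy assumed for this example).
EXPECTED = {".rtf": {"rtf"}, ".doc": {"ole2"}, ".docx": {"zip"}, ".txt": {"text"}}

def sniff(data: bytes) -> str:
    """Classify content by signature, falling back to a printable-ASCII test."""
    for magic, kind in SIGNATURES:
        if data.startswith(magic):
            return kind
    head = data[:512]
    if head and all(b in (9, 10, 13) or 32 <= b < 127 for b in head):
        return "text"
    return "unknown"

def check(filename: str, data: bytes) -> tuple[str, str, bool]:
    """Return (extension, sniffed kind, mismatch). Unknown extensions are not judged."""
    ext = PurePath(filename).suffix.lower()
    kind = sniff(data)
    allowed = EXPECTED.get(ext)
    return ext, kind, allowed is not None and kind not in allowed

# Constructed sample inputs: file name -> first bytes of the file.
SAMPLES = {
    "notes.rtf": b"{\\rtf1\\ansi Hello}",
    "invoice.rtf": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 16,
    "readme.txt": b"plain text\r\n",
    "report.docx": b"PK\x03\x04\x14\x00",
}

def flagged(samples: dict[str, bytes]) -> list[str]:
    """Names whose extension and content disagree; a triage signal, not a verdict."""
    return sorted(n for n, d in samples.items() if check(n, d)[2])

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(name, check(name, data))
```

A mismatch only says the file will be handed to a handler chosen by its name while carrying another format's content; it is a reason to look closer, not proof of malice.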
Re:I don't understand (Score:3, Interesting)
Reminds me of my favorite notepad pseudo-easter egg. Type the words below in a new instance of Notepad, save it, close it, re-open it in Notepad and see what it does...
this app can break