by Playfuls Staff |
31st March 2007
eEye Digital Security released a custom form of protection
to immediately address a critical exploit circulating via a flaw in Microsoft’s
Windows Operating System. The flaw would allow a remote attacker to [more] take
complete control of an infected system. Additionally, eEye confirmed that Blink,
the award-winning Internet client security solution, provides proactive
protection against this flaw. To proactively protect Windows users around the
world, eEye has released a temporary patch that prevents the flaw from being
exploited. For individuals and organizations interested in receiving eEye’s
temporary zero-day patch, a copy can be downloaded at
http://research.eeye.com/html/alerts/zeroday/20070328.html.
“Almost a year ago to the day, we released one of the first
third-party patches, proactively providing Windows users temporary protection
against a serious zero-day vulnerability; we are doing it yet again,” said Marc
Maiffret, eEye’s co-founder and chief hacking officer. “Unlike last year’s
JScript Vulnerability, there are no immediately effective means of mitigation
for this zero-day vulnerability. As a result, we encourage all Windows users to
take advantage of our free patch until other means of protection become
available. Alternatively, users may install Blink Personal Internet security or
Blink Professional Unified Client Security, which also provide protection
without the need for security patches.”
This unspecified vulnerability exists within multiple
versions of Microsoft Windows operating systems and allows for a remote
attacker to execute arbitrary code under the context of the logged-in user.
This vulnerability can be exploited by visiting a malicious web site or opening
a malformed Microsoft Office document.
This zero-day vulnerability has a very high impact since the
source of the malicious payload can be any site on the Internet. An even more
critical problem is generated when clients are administrators on their local
hosts, which would run the malicious payload with Administrator credentials.
The impact of this exploit can vary from the reported Trojan installation to
full system compromise by coupling this attack with a privilege escalation
vulnerability to acquire SYSTEM access, which would provide the attacker
complete control over the compromised host.
The most potent attack method used by this vulnerability is
conducted by embedding a malicious .ANI file within an HTML web page. Doing so
allows the vulnerability to be exploited with minimal user interaction by
simply coaxing a user to follow a hyperlink and visit a malicious web site.
Other exploit vectors exist including Microsoft Office applications since they
also rely on the same .ANI processing code, making email delivery also a potent
threat by using Microsoft Office attachments.
