Another Windows Security Flaw: "Zero-Day Exploit"


Microsoft has issued yet another security advisory, this one for a flaw that affects fully patched systems. Here's how it works. Thousands of websites are distributing spyware that replaces the user's desktop background with a message warning of a spyware infection. A prompt then appears asking the user to enter credit card information to pay for a spyware cleaning application to remove the offending spyware. In other words, spyware to remove the spyware!

According to F-Secure, there are already 57 detected versions of this malicious bit of code, which exploits an "extremely critical flaw" (Secunia) in the Windows Metafile Format (.wmf). Any application that automatically attempts to display a WMF image can be "vectored" for an infection, including older versions of Firefox, current versions of Opera, Outlook, and Internet Explorer. "This is a zero-day exploit, the kind that give security researchers cold chills," states the Sunbelt blog. "The only thing you need to do is actually visit a site with the nasty and you get it. In my mind, that makes it a pretty critical vulnerability. You go to a site that has this vulnerability, you get hit. It's not necessarily done through social engineering."

Again, to repeat: this affects fully patched systems! And Microsoft has yet to issue a security update, nor is it clear they plan to. There are "workarounds," like unregistering SHIMGVW.DLL (which will disable your ability to view images using the Windows Picture and Fax Viewer via IE), but this is only a "preventative measure." As the Sunbelt blog puts it: "If you are already infected, it will not help."

What I don't understand is: why do people put up with this sort of nonsense? Why do people use an operating system that exposes them to this kind of threat? A few years ago, a great many people were so very indignant that Microsoft had the nerve to bundle Internet Explorer with the operating system, so that, by default, all the computer illiterates would end up using IE instead of rival Netscape. We engaged in a long, fruitless, and terribly expensive anti-trust suit against Microsoft, which accomplished very little and left things pretty much as they were before; only now, because of the security flaws of Windows, businesses lose billions every year to malware infections. When are people going to realize the folly of allowing one operating system (and a not very good operating system at that) to dominate the marketplace? One dominant operating system, particularly one with so many security flaws, makes too easy a target for the malicious hackers out there.

Posted: Thu - December 29, 2005 at 11:21 AM          

