More Windows Vulnerabilities Are Found!


forwardone
12-25-04, 01:39 PM
More Windows vulnerabilities found. :(

Experts warn of new Windows vulnerabilities

Symantec's Security Response has issued a warning about three new "serious" vulnerabilities discovered in the Windows operating system.

"We believe these threats to be serious, especially given the time of year that they have been discovered," said Alfred Huger, senior director of Symantec Security Response. "Many consumers are shopping on-line and many businesses are short-staffed making these threats more worrisome. Two out of these three vulnerabilities could potentially be used to install malicious code such as spyware on an unsuspecting victim's computer, and take complete control of their computer."

The vulnerabilities were initially reported by Venustech Security Labs. Patches for these vulnerabilities are not currently available, and Microsoft has not yet confirmed the flaws exist. But Symantec Security Response says it believes that the risks posed by these reported vulnerabilities are "high," and has issued an alert to users of the operating system.

The Microsoft Windows LoadImage API Function Integer Overflow Vulnerability is a remotely exploitable vulnerability in Windows image processing. It exists in the LoadImage API instruction used by many Web browsers and e-mail clients. This security flaw can be exploited by simply visiting a malicious website, or opening an HTML e-mail containing an image that has malicious code hidden in it. No interaction from the user is required to activate the malicious code once an image has been viewed.

The Microsoft Windows winhlp32.exe Heap Overflow Vulnerability has been reported in the winhlp32.exe application, which is used to interpret Windows Help files (.hlp). The vulnerability is a result of decoding errors that manifest themselves in the parsing of a malicious help file. These decoding errors are exploitable to cause a heap-based buffer overflow. Malicious help files, encountered either through e-mail, or via a malicious website, may be used to exploit this vulnerability.

A third vulnerability, the Microsoft Windows Kernel ANI File Parsing Crash and DoS Vulnerability, results in a denial of service when a malicious ANI file is encountered. Exploitation of this security hole, either via e-mail or a malicious website, will result in a crash and subsequent restart of any vulnerable system, Symantec says. This vulnerability simply requires a user to view a malicious website or e-mail in order to launch an attack on the computer.

Until these issues are patched, any interaction with Internet-based content using any software package for the Microsoft Windows platform may result in a compromise, Symantec warns. The company recommends its customers update their virus definitions with the latest updates, which include the Bloodhound.Exploit.19 signature. This signature will prevent exploitation of the Microsoft Windows LoadImage API Function Integer Overflow flaw.

Until patches are available for the other vulnerabilities, Symantec's security experts recommend blocking all e-mail attachments with the .hlp extension; avoiding untrusted or new websites; and reading e-mail messages only in plain text format. They also advise that people should not open e-mail messages from unknown sources.
Geoff
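
The .hlp attachment block recommended in the advisory quoted above, sketched as a mail-gateway check. This is an added example, not part of the original post or of Symantec's advisory; the function names and the sample message are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# The only extension the quoted advisory says to block.
BLOCKED_EXTENSIONS = {".hlp"}

def normalized_extension(filename):
    """Return the final extension, lower-cased, the way Windows would see it."""
    # Windows ignores trailing dots and spaces, so "a.hlp. " still opens as .hlp.
    name = filename.rstrip(". ").lower()
    dot = name.rfind(".")
    return name[dot:] if dot != -1 else ""

def blocked_attachments(raw_bytes):
    """List attachment names with a blocked extension, at any nesting depth."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    hits = []
    # walk() also descends into forwarded messages (message/rfc822 parts).
    for part in msg.walk():
        filename = part.get_filename()
        if filename and normalized_extension(filename) in BLOCKED_EXTENSIONS:
            hits.append(filename)
    return hits

def build_sample():
    """Constructed sample: a forwarded mail carrying a disguised help file."""
    inner = EmailMessage()
    inner["Subject"] = "docs"
    inner.set_content("see attached")
    inner.add_attachment(b"constructed bytes", maintype="application",
                         subtype="octet-stream", filename="Manual.HLP.")
    inner.add_attachment(b"constructed bytes", maintype="text",
                         subtype="plain", filename="notes.hlp.txt")
    outer = EmailMessage()
    outer["Subject"] = "Fwd: docs"
    outer.set_content("forwarded")
    outer.add_attachment(inner)  # becomes a message/rfc822 part
    outer.add_attachment(b"constructed bytes", maintype="image",
                         subtype="png", filename="logo.png")
    return outer.as_bytes()

if __name__ == "__main__":
    print(blocked_attachments(build_sample()))
```

A plain `endswith(".hlp")` test on the raw name would miss both the upper-case extension and the trailing dot in the sample, and a check of top-level parts only would miss the forwarded message.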

forwardone
01-07-05, 05:16 PM
Online miscreants have released a Trojan horse that can infect computers running Microsoft's Windows XP, installing programs to remotely control a victim's system.

The program--dubbed "Phel," an anagram of "Help"--infects visitors to a maliciously-created Web site through Internet Explorer's Help controls, Symantec warned in an advisory this week. A bug in the malicious program may prevent it from infecting some computers, the security company said.

The Trojan horse exploits a vulnerability, found in October, in how Internet Explorer and Windows XP Service Pack 2 handle help files called from Web pages.

The flaw is unrelated to the recent help-file flaws outed by a Chinese security company last week. In that instance, Microsoft took the Chinese security group to task for disclosing the vulnerability without giving the company a chance to develop a way to fix the problem.

"Microsoft is working to forensically analyze the malicious code in Phel and will work with law enforcement to identify and bring to justice those responsible for this malicious activity," a company spokesperson said.

A patch is not yet available from Microsoft for the October flaw, nor the most recent flaws, but the software giant said its programmers are working on the issue.

"Microsoft is taking this vulnerability very seriously, and an update to correct the vulnerability is currently in development," the spokesperson said. "We will release the security update when the development and testing process is complete, and the update is found to effectively correct the vulnerability."

Microsoft has had significant problems securing its Web browser in 2004. As a result, the freely available open-source browser Firefox has gained market share. Security experts have recommended that computer users consider other browsers and some schools have told their students to use a non-Microsoft browser.

The Symantec advisory can be found on the company's Web site.
Geoff

forwardone
01-11-05, 01:12 AM
It gets worse!
Computer security firm Secunia elevated the status of a vulnerability found in Microsoft Internet Explorer 6 to "Extremely Critical". The flaw, originally discovered in October, makes it possible to expose local system resources to external attack due to a flaw in IE's drag and drop functionality as it pertains to handling data across "zones".

According to the company, the vulnerability warrants an upgrade in its risk status because it bypasses some of the built-in protections provided by Service Pack 2 for Windows XP.

Microsoft has already issued a patch for the flaw, along with procedures in rendering the issue moot, but Secunia stands by their reasoning for calling attention to the flaw.
Geoff