X

Attack code out for 'critical' Windows flaw

Code that exploits a recently found flaw in the way Windows handles Vector Markup Language documents has been published.

Joris Evers Staff Writer, CNET News.com
Joris Evers covers security.
Joris Evers
2 min read
Computer code that exploits a security vulnerability in Windows has been published on the Internet, making it more urgent for users of the operating system to patch.

The attack code exploits a flaw in the way Windows handles Vector Markup Language, or VML, documents, which are used for a type of high-quality graphic on the Web. The bug lies in a Windows component called "vgx.dll" that supports these files.

Microsoft provided a fix for the flaw last week with security bulletin MS07-004. At the time, the company warned that it had already seen limited cyberattacks exploiting the vulnerability. However, attack code hadn't been available publicly. On Tuesday, exploit code was published to a widely-read online security forum.

"Microsoft is aware that detailed exploit code was published on the Internet that may take advantage of the vulnerability addressed by Microsoft security bulletin MS07-004," a company representative said in a statement. "Microsoft encourages all customers to apply the most recent security updates."

Prior to the public posting of the exploit, other code that takes advantage of the flaw had been made available to users of a security testing tool made by Immunity. However, these attack blueprints are private, supplied to people who pay for the tool.

Functionality of the public exploit code appears to be limited, Symantec said in an alert to users of its DeepSight security intelligence service Tuesday. Symantec was unable to get the exploit to work on English language versions of Windows XP and Windows 2000, the company said. Still, the exploit could provide a starting point for other hackers, Symantec said.

"The author has posted the exact location of the flaw, shown in a screen shot from a binary analyzer, increasing the likelihood of other exploits being developed," according to the Symantec alert.

The VML flaw is similar to a bug for which Microsoft rushed out a fix in September after Windows users came under attack. The vulnerability can be exploited by tricking a user into viewing a malicious VML file on a Web site with Internet Explorer.

All recent versions of Windows are vulnerable when all recent versions of IE, including IE 7, are in use, according to Microsoft. The exception is Windows Vista, which is not impacted, the software maker said. Microsoft's patches are distributed via Automatic Updates and on the company's Microsoft Update downloads Web site.