Tuesday, January 4, 2011

Microsoft Windows Exploit Code Went Public

"Microsoft Warns of Windows Security Vulnerability"
IT Security & Network Security News, eWeek.com (January 4, 2011)

"Microsoft issues an advisory on a Windows security vulnerability after exploit code went public. The bug is not under attack, according to the company.

"Exploit code for a new Windows security bug has gone public, prompting Microsoft today to issue an advisory to warn users.

"So far, no attacks taking advantage of the bug have been seen in the wild, Microsoft reported. The vulnerability lies in the Windows Graphic Rendering Engine and, according to Microsoft, can be used by an attacker to run arbitrary code in the context of the logged-on user.

" 'Today we released Security Advisory 2490606, which addresses a publicly disclosed vulnerability affecting Microsoft Windows Graphics Rendering Engine on Vista, Server 2003, and Windows XP. … The vulnerability does not affect Windows 7 or Windows Server 2008 R2, the newest versions of our operating system,' blogged Angela Gunn, senior marketing communications manager of Trustworthy Computing at Microsoft...."

This isn't good news: but it could be a lot worse. For the bug to be a problem, a user has to go to a website that's been design to exploit the bug - or use a Word or PowerPoint file infected with the right - or, rather, wrong - malicious code.

"...'The real danger this vulnerability poses is that it can be exploited simply by getting a user to view a malicious thumbnail image associated with a number of different document types, including Microsoft Word,' explained Joshua Talbot, security intelligence manager for Symantec Security Response...."

Common Sense, Caution, and Frequent Malware Scans

The Lemming isn't concerned about this issue, personally: Computers in this household use other operating systems.

Still, I intend to re-read the article tomorrow, after a good night's sleep.

The potential threat discussed in eWeek.com's article is one of the reasons that the Lemming's computer is set up to let the Lemming know when there's an update for the operating system. That, scheduled malware scans, and mildly paranoid software to look over the Lemming's shoulder as he explores the Web, have kept this system fairly safe.

Perfectly safe? No. A recent scan de-wormed the Lemming's computer. The trick, in the Lemming's opinion, isn't to have perfect security: but to have routines that deal with threats that show up.

The eWeek.com article says that a patch is in the works - and that meanwhile Microsoft has a workaround for folks whose computers are at risk.

And, of course, the advice that you've heard so often: Be careful how you handle suspicious files; and be really careful about following "untrusted" links.

2 comments:

Brigid said...

... Didn't it say that it affects Windows XP? Aside from your computer and my little brother's, all the computers in the house use that OS. Including mine.

Brian, aka Aluwir, aka Norski said...

Brigid,

Right you are, on all points. Guess I've been more tightly focused on this nifty new machine of mine than I realized.

Unique, innovative candles

Visit us online:
Spiral Light CandleFind a Retailer
Spiral Light Candle online store

Pinterest: From the Man Behind the Lemming

Top 10 Most-Viewed Posts

Today's News! Some of it, anyway

Actually, some of yesterday's news may be here. Or maybe last week's.
The software and science stuff might still be interesting, though. Or not.
The Lemming thinks it's interesting: Your experience may vary.
("Following" list moved here, after Blogger changed formats)

Who Follows the Lemming?

WebSTAT

Family Blogs - Blog Catalog Blog Directory