The number of malicious Web sites attempting to exploit the previously unknown Windows Meta File (WMF) vulnerability has jumped in the last two days, highlighting the danger of Microsoft's lack of a patch for its operating system.
The flaw occurs in Microsoft Windows' Graphics Rendering Engine. A specially crafted image file can take advantage of the flaw to compromise a Windows system that opens the image. Applications that use the vulnerable Windows operating system code include Internet Explorer, Windows Explorer, and the image viewing capability of Lotus Notes. Several reports on the vulnerability have described workarounds for protecting against the most common ways of exploiting the WMF flaw, but the effectiveness of the temporary solutions is still being questioned.
Microsoft published a security advisory earlier this week on the vulnerability, advising customers to keep their antivirus software up to date or to use Windows OneCare to protect their systems. Most major antivirus companies--including Symantec, the owner of SecurityFocus--detect the more than 70 known malicious programs that use the vulnerability to compromise systems, according a recent eWeek article.
The shadier side of the Internet is starting to use the exploit to install adware and spyware on victims' machines. Research by online security firm Websense found that two South American sites had started using the zero-day exploit code to compromise PCs. Another dozen or so domains have images that try to exploit the issues as well, according to antivirus firm F-Secure.
Thanks to John Herron of NIST.org for the tip on Lotus Notes.
Posted by: Robert Lemos