eEye spots pre-Patch Tuesday Windows flaw

Share this article:

Researchers from eEye Digital Security have reported a vulnerability in numerous Microsoft Windows operating systems.

The "high severity" flaw allows for remote execution of arbitrary code with minimal user interaction, according to an advisory from the Orange County, Calif. vulnerability-management vendor.

The disclosure came on the heels of Microsoft’s release this week of an early patch for a vulnerability in the way Windows handles animated (ANI) files. eEye had released a third-party patch for that flaw.

The flaw affects Windows 2000, 2003 and XP operating systems, and was reported to Microsoft on March 27, according to the eEye advisory.

Sean Martin, eEye director of product marketing, told SCMagazine.com today that the flaw has not yet been exploited in the wild.

A Microsoft spokesperson said today that the company is investigating reports of the flaw, but is not aware of any attacks attempting to use it.

Microsoft announced Thursday that it will release five security bulletins as part of this month’s Patch Tuesday fix distribution.

The highest severity rating for any of these flaws is "critical," according to Microsoft.

Researchers at Determina, the firm that discovered the ANI flaw last year, said Firefox users are also vulnerable to the flaw so long as they are using Windows operating systems.

Some researchers have expressed displeasure with Microsoft’s patching procedures, suggesting the Redmond, Wash. company should alter its long-standing monthly patch release schedule.

Click here to email Online Editor Frank Washkuch Jr.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

Beazley: employee errors root of most data breaches, but malware incidents cost ...

Insurance firm Beazley analyzed more than 1,500 data breaches it serviced between 2013 and 2014.

Apple issues seven updates, fixes more than 40 vulnerabilities in iOS 8, OS 10.9.5

Apple issues seven updates, fixes more than 40 ...

In one of its infrequent "Update Surprisedays," Apple plugged holes, boosted security and added features.

Canadian telecom co. Telus unveils first transparency report

The company received more than 100,000 government requests for customer data last year.