eEye spots pre-Patch Tuesday Windows flaw

Share this article:

Researchers from eEye Digital Security have reported a vulnerability in numerous Microsoft Windows operating systems.

The "high severity" flaw allows for remote execution of arbitrary code with minimal user interaction, according to an advisory from the Orange County, Calif. vulnerability-management vendor.

The disclosure came on the heels of Microsoft’s release this week of an early patch for a vulnerability in the way Windows handles animated (ANI) files. eEye had released a third-party patch for that flaw.

The flaw affects Windows 2000, 2003 and XP operating systems, and was reported to Microsoft on March 27, according to the eEye advisory.

Sean Martin, eEye director of product marketing, told SCMagazine.com today that the flaw has not yet been exploited in the wild.

A Microsoft spokesperson said today that the company is investigating reports of the flaw, but is not aware of any attacks attempting to use it.

Microsoft announced Thursday that it will release five security bulletins as part of this month’s Patch Tuesday fix distribution.

The highest severity rating for any of these flaws is "critical," according to Microsoft.

Researchers at Determina, the firm that discovered the ANI flaw last year, said Firefox users are also vulnerable to the flaw so long as they are using Windows operating systems.

Some researchers have expressed displeasure with Microsoft’s patching procedures, suggesting the Redmond, Wash. company should alter its long-standing monthly patch release schedule.

Click here to email Online Editor Frank Washkuch Jr.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

CryptoWall surpasses CryptoLocker in infection rates

CryptoWall surpasses CryptoLocker in infection rates

A threat analysis from Dell SecureWorks CTU says that CryptoWall has picked up where its famous sibling left off.

Professor says Google search, not hacking, yielded medical info

Professor says Google search, not hacking, yielded medical ...

A professor of ethical hacking at City College San Francisco came forward to clarify that he did not demonstrate hacking a medical center's server in a class.

Syrian Malware Team makes use of enhanced BlackWorm RAT

Syrian Malware Team makes use of enhanced BlackWorm ...

FireEye analyzed the hacking group's use of the malware, dubbed the "Dark Edition" of BlackWorm.