eEye spots pre-Patch Tuesday Windows flaw

Share this article:

Researchers from eEye Digital Security have reported a vulnerability in numerous Microsoft Windows operating systems.

The "high severity" flaw allows for remote execution of arbitrary code with minimal user interaction, according to an advisory from the Orange County, Calif. vulnerability-management vendor.

The disclosure came on the heels of Microsoft’s release this week of an early patch for a vulnerability in the way Windows handles animated (ANI) files. eEye had released a third-party patch for that flaw.

The flaw affects Windows 2000, 2003 and XP operating systems, and was reported to Microsoft on March 27, according to the eEye advisory.

Sean Martin, eEye director of product marketing, told SCMagazine.com today that the flaw has not yet been exploited in the wild.

A Microsoft spokesperson said today that the company is investigating reports of the flaw, but is not aware of any attacks attempting to use it.

Microsoft announced Thursday that it will release five security bulletins as part of this month’s Patch Tuesday fix distribution.

The highest severity rating for any of these flaws is "critical," according to Microsoft.

Researchers at Determina, the firm that discovered the ANI flaw last year, said Firefox users are also vulnerable to the flaw so long as they are using Windows operating systems.

Some researchers have expressed displeasure with Microsoft’s patching procedures, suggesting the Redmond, Wash. company should alter its long-standing monthly patch release schedule.

Click here to email Online Editor Frank Washkuch Jr.

Share this article:

Sign up to our newsletters

More in News

Cyber Command tests gov't collaboration in wake of attacks

The two-week exercise, "Cyber Guard 14-1," was completed this month.

Text message spammer settles charges filed by FTC

Text message spammer settles charges filed by FTC

Rishab Verma and his company agreed to settle charges filed by the FTC that Verma sent millions of spam text messages that deceitfully promised free merchandise.

Rhode Island hospital to pay $150K for past data breach

More than 12,000 patients' personal and health information was compromised in a breach at The Women & Infants Hospital of Rhode Island.