eEye spots pre-Patch Tuesday Windows flaw

Share this article:

Researchers from eEye Digital Security have reported a vulnerability in numerous Microsoft Windows operating systems.

The "high severity" flaw allows for remote execution of arbitrary code with minimal user interaction, according to an advisory from the Orange County, Calif. vulnerability-management vendor.

The disclosure came on the heels of Microsoft’s release this week of an early patch for a vulnerability in the way Windows handles animated (ANI) files. eEye had released a third-party patch for that flaw.

The flaw affects Windows 2000, 2003 and XP operating systems, and was reported to Microsoft on March 27, according to the eEye advisory.

Sean Martin, eEye director of product marketing, told today that the flaw has not yet been exploited in the wild.

A Microsoft spokesperson said today that the company is investigating reports of the flaw, but is not aware of any attacks attempting to use it.

Microsoft announced Thursday that it will release five security bulletins as part of this month’s Patch Tuesday fix distribution.

The highest severity rating for any of these flaws is "critical," according to Microsoft.

Researchers at Determina, the firm that discovered the ANI flaw last year, said Firefox users are also vulnerable to the flaw so long as they are using Windows operating systems.

Some researchers have expressed displeasure with Microsoft’s patching procedures, suggesting the Redmond, Wash. company should alter its long-standing monthly patch release schedule.

Click here to email Online Editor Frank Washkuch Jr.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters


More in News

ISSA tackles workforce gap with career lifecycle program

ISSA tackles workforce gap with career lifecycle program ...

On Thursday, the group launched its Cybersecurity Career Lifecycle (CSCL) program.

Amplification DDoS attacks most popular, according to Symantec

Amplification DDoS attacks most popular, according to Symantec

The company noted in a whitepaper released on Tuesday that Domain Name Server amplification attacks have increased 183 percent between January and August.

Court shutters NY co. selling security software with "no value"

A federal court shut down Pairsys at the request of the Federal Trade Commission.