Microsoft releases early ANI fix in GDI patch
Microsoft has released an out-of-cycle fix - one week before its scheduled Patch Tuesday release - for numerous vulnerabilities in Graphics Device Interface (GDI) that could allow remote code execution.
Researchers from a list of vendors and organizations have reported attacks exploiting the flaw this week, many traced back to China.
By Monday, Ken Dunham, director of the Rapid Response Team at VeriSign iDefense, said more than 150 malware samples exploiting the flaw were in the wild. Websense reported more than 100 exploitation sites by Saturday morning.
Microsoft revealed Monday in an advance notification that it would release a lone bulletin for Windows with a maximum severity rating of "critical." The update will require a restart and will be detectable using the Microsoft Baseline Security Analyzer.
A Microsoft spokesperson confirmed earlier this week that MS07-017 will address a vulnerability in Windows ANI.
The spokesperson said attacks and customer impact were limited, although Microsoft was aware of the existence of a public attack on the flaw.
Meanwhile, eEye Digital Security, which released a third-party patch for the ANI flaw earlier in the week, updated its fix on Monday. A hacker using the alias Jamikazu posted zero-day exploit code that bypasses eEye’s patch to the Milw0rm site on Sunday.
ZERT (the Zeroday Emergency Readiness Team) also released an unauthorized fix for the flaw this week.
Redmond also released an early fix for a flaw in Windows metafile – a vulnerability often compared to the ANI flaw - in late 2005.
Click here to email Online Editor Frank Washkuch.
Looking for a new job? SCMagazine.com has the latest IT security employment opportunities. Click here for our jobs page.