Content

WMF focuses security pros’ attention

One security executive said the flaw, exposed in late December but originally designed in the 1980s to cancel a print job during spooling, left security pros without preemptive weapons against hackers. The flaw made it possible for hackers to infect a PC after a user clicked on an image file.

"The WMF vulnerability was a difficult one for security personnel to deal with because intrusion prevention and anti-virus solutions could detect the attack but were incapable of taking preemptive action," said Alan Shimel, chief strategy officer at StillSecure. "In a world where staying one step ahead of hackers is a constant battle, here was a situation where people could only be reactive until a patch was released."

Microsoft eventually changed course, distributing a patch to the public on Jan. 5 -- a week ahead of its routine "Patch Tuesday" release cycle date. The firm cited a public demand for the patch. Security analysts, however, said the immediate lack of a fix for the unique vulnerability was – and would be in future instances – a dangerous situation for both pros and home PC users.

"We shouldn't minimize how dangerous WMF was. A malicious threat like this, which could release its payload without a user installing a file but merely by viewing a graphic, has the potential for widespread harm," said Shimel. "WMF didn't propagate as quickly as some expected but the rapid progression from vulnerability to exploit only reaffirms the importance of staying on top of new threats. Response time is critical to effective network security."

Marcus Sachs, deputy director of SRI International, as well as director of the DHS's Cyber Security Research & Development Center, said hackers did not yet use the most effective way of spreading malware through the vulnerability.

"The worst case scenario would be if someone figured out a way to infect an administrator. You could crash millions of users instantly. Or if they made it self-replicating," he said. "Unfortunately, this vulnerability to use code within an image is nothing new. It is certainly a vulnerability despite its original intent."

Security experts said it was also possible that attacks focusing on WMF vulnerabilities would become more common in the future.

Related

DevSecOps Scanning Challenges & Tips

There are many ways to do DevSecOps, and each organization — each security team, even — uses a different approach. Questions such as how many environments you have and the frequency of deployment of those environments are important in understanding how to integrate a security scanner into your DevSecOps machinery. The ultimate goal is speed […]

It Should Be ‘Cybersecurity Culture Month’

It’s Cybersecurity Awareness Month, but security awareness is about much more than just dedicating a month to a few activities. Security awareness is a journey, requiring motivation along the way. And culture. Especially culture.That’s the point Proofpoint Cybersecurity Evangelist Brian Reed drove home in a recent appearance on Business Security Weekly.“If your security awareness program […]

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.