Patch/Configuration Management, Vulnerability Management

Exploits for another Microsoft flaw in the wild

Microsoft released an advisory late Thursday for a exploitable flaw in supported versions of Windows.

Customers running Windows Server 2003 and Windows 2003 Service Pack 1 as default configurations - with enhanced security configurations turned on - are not affected.

The flaw exists in Windows Shell and is exposed by Web View, according to Microsoft's advisory.

Microsoft was in the midst of busy week to begin with, fighting off exploits to the VML flaw by releasing an out-of-cycle patch.

New exploits for PowerPoint and Internet Explorer were also found in recent days.

Microsoft is aware of proof-of-concept exploit code published for the flaw, but not of any attacks, a company spokesperson said today.

The spokesperson added that Microsoft is working on a patch for its Oct. 10 release.

To infect a PC, a malicious user would have to lure him or her to a specially crafted site and use social engineering to get them to click on a link to the attack site.

Ken Dunham, Director of the Rapid Response Team at VeriSign iDefense, told today that the flaw is one of three that his company is specially monitoring around the clock.

"The threat landscape for this vulnerability is distinctively different from the former VML vulnerability resulting in an out-of-cycle patch earlier this week," he said. "Additionally, public disclosure of this exploit code occurred after VML attacks. As a result, WebViewFolderIcon is temporarily overshadowed by attackers concentrating on VML attacks while the harvest is fruitful for unpatched machines. WebViewFolderIcon has potential to become a large risk if exploitation ramps up in the wild."

Click here to email Frank Washkuch Jr.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.