LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: July 18th, 2014
Linux Advisory Watch: July 13th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
New, 'Critical' Windows Bug Lack Patches Print E-mail
User Rating:      How can I rate this item?
Source: securitypipeline.com - Posted by Vincenzo Ciaglia   
Vendors/Products A trio of new and unpatched vulnerabilities in Microsoft Windows were made public on security mailing lists over the weekend, nudging some security vendors to alert users that their systems may be open to attack and hijacking. The vulnerabilities, first reported by a Chinese group and then posted to the Bugtraq mailing list, are in Windows' LoadImage API function, its animated cursor files, and in the way it handles help files. All of the bugs are as yet unpatched. All currently-supported versions of Windows -- Windows NT, 2000, XP, and Windows Server 2003 -- are affected by the three flaws, said Venustech, the Chinese security firm that posted analysis on Bugtraq. Some impact Windows XP Service Pack 2 (SP2), some don't.


The LoadImage API vulnerability, for instance -- the latest in a series of image-related vulnerabilities that have hit Windows, Unix, and Linux -- affects Windows NT through Windows Server 2003. Whether Windows XP SP2 is at risk, however, isn't yet known.

This vulnerability could be exploited by attackers who entice users to a malicious Web site that includes a specially-crafted icon, cursor, animated cursor, or bitmap file, said Danish security firm Secunia in its alert. Alternately, the malicious image could be delivered via HTML e-mail. Users who view such messages or visit such sites could find their systems hijacked by hackers, who would be able to run their own code remotely on the PC.

The second bug, which is in Windows' ANI (animated cursor) files, could be used by an attacker to crash or freeze a Windows PC, said Venustech in its analysis. Windows XP SP2 is not vulnerable to this flaw, however.

But it is to the third, and last, of the trio, which revolves around how Windows parses help files. The bug can be exploited to create a buffer overflow, and thus give attackers control of the computer, if users open a maliciously-crafted help file posted on a site or sent to them via e-mail.

Read this full article at securitypipeline.com

Only registered users can write comments.
Please login or register.

Powered by AkoComment!

 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
How Hackers Hid a Money-Mining Botnet in Amazonís Cloud
Homeland Security gets into software security
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.