A serious security flaw in Visual Studio 2005 disclosed by Microsoft last week is already being attacked, the software giant has admitted.
The incident represents the latest black eye for Microsoft over security, and is part of an increasingly common trend - attackers taking advantage of an unpatched or "zero-day" flaw well before a fix is available. Just last week, Microsoft acknowledged attacks exploiting a newly discovered, different, unpatched bug in the XMLHTTP 4.0 ActiveX control.
That bug is expected to be patched this month, but the Visual Studio flaw is likely to have to wait. In its advisory, Microsoft said it was "aware of proof of concept code published publicly and of limited attacks using the reported vulnerability", and would take action when its investigation was complete.
TippingPoint has said that since the weekend it has seen hundreds of attacks originating in Russia and using the flaw to install viruses on US systems. TippingPoint said it reported the flaw to Microsoft in June, though Microsoft didn't make the flaw public until last week. Researcher HD Moore has said he has seen attacks using the exploit as far back as July.
The vulnerability lies in an ActiveX control called the WMI Object Broker control, contained in the WmiScriptUtils.dll, Microsoft said. For a successful attack, a user would have to be lured to a website designed to exploit the flaw, but exploitation doesn't require any other user interaction. Microsoft cautioned against following links in emails from unknown senders, since those could lead to an attacker's site.
At a recent press conference Microsoft's Jim Allchin suggested that such security crises would become a thing of the past once Windows Vista arrives - at least for a while. "My son, seven years old, runs Windows Vista, and, honestly, he doesn't have an antivirus system on his machine... and I'm feeling totally confident about that," Allchin said, according to a report. "That is quite a statement. I couldn't say that in Windows XP SP2."
This was partly due to a feature called Address Space Layout Randomization, which makes it difficult for worms to jump from one machine to another, Allchin said. He admitted that it will probably not take long for hackers to find a way around such features.
Microsoft has been making high claims for the ever-increasing security of Windows since it began a security push several years ago, an effort that has most recently produced Windows XP SP2.