Windows photo bug under attack

Attack code for exploiting a critical bug in some versions of Windows has been released onto the internet.

Share

Attack code for exploiting a critical bug in some versions of Windows has been released onto the internet.

Microsoft patched the flaw, which affects older versions of Windows, on 9 October. When the Image Viewer tries to open a maliciously encoded TIFF (Tagged Image File Format) file, it can be tricked into running unauthorised software.

A sample of the exploit was posted to the Milw0rm website. The code has not yet been used in any attacks, according to Symantec, which issued an alert on the matter.

Symantec recommends that Windows users install the MS07-055 update as quickly as possible.

Microsoft took the unusual step of issuing its own security update for Kodak's software, because the image viewer (formerly known as the Wang Image Viewer) had shipped in Windows 2000 systems by default.

Still, many Windows users are not affected by the problem. Windows XP and Windows Server 2003 users should not have the software installed unless they downloaded it directly or upgraded from Windows 2000. Windows Vista users are not affected.

Also, users would have to open the TIFF file using the Kodak Image Viewer for the attack to work. Because most PCs are set to automatically open TIFFs using some other piece of software, it is unlikely that an attack would succeed.

"Its not a huge deal, though, we don't think," said Marc Maiffret, chief technology officer with eEye Digital Security. "You probably have some other program that defaults to open TIFFs like QuickTime or Photoshop."

The sample attack code affects the Korean language version of Windows, but it could be easily modified to affect other versions of the software, Maiffret said.

Find your next job with computerworld UK jobs