Menu
MS changes tune, says attackers are exploiting new bug

MS changes tune, says attackers are exploiting new bug

Initially Microsoft said there were no attacks based on the MS09-051 issue

One of the 34 bugs Microsoft patched on Tuesday is more serious than it first appeared.

Two hours after initially reporting in its security bulletin (MS09-051) that it was unaware of attacks exploiting a multimedia flaw in the Windows Media Runtime software, Microsoft revised its assessment. The software vendor now says that its initial bulletin was wrong and it has in fact seen "limited attacks trying to use the reported vulnerability."

The flaw lies in the way the Windows Media Runtime software processes certain types of ASF (Advanced Systems Format) files, used by streaming media. Microsoft rates the issue as critical for Windows 2000, XP, Vista and Windows Server users.

It was initially reported to Microsoft by both McAfee and 3Com's TippingPoint unit.

A McAfee spokesman echoed Microsoft's assessment of the bug Tuesday. "We have not seen any extensive in-the-wild exploitation of this vulnerability," said Joris Evers, via instant message.

Although the bug had been publicly disclosed, it was not widely known in the security research community.

McAfee's Evers said that one of his company's researchers had stumbled across the bug in a Chinese language bulletin board.

Tuesday's patch release was Microsoft's largest ever, fixing 34 bugs in the company's software, including vulnerabilities in the SMB (Server Message Block) 2 software that Microsoft introduced in Vista and the FTP (File Transfer Protocol) service that ships with some versions of the IIS (Internet Information Services) Web server. These two bugs had also been publicly disclosed, although neither is being used in any kind of widespread attack, security experts say.

Administrators should install the Windows Media Runtime patch as soon as possible, because this type of flaw could easily be exploited in a Web-based attack, said Andrew Storms, director of security operations with nCircle. "You can embed malicious code in what looks like a normal audio file," he said.


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags Microsofthotmail

Featured

Slideshows

Tech industry comes out in force as Lancom turns 30

Tech industry comes out in force as Lancom turns 30

A host of leading vendors and customers came together to celebrate the birthday of Lancom Technology in New Zealand, as the technology provider turned 30.

Tech industry comes out in force as Lancom turns 30
The making of an MSSP: a blueprint for growth in NZ

The making of an MSSP: a blueprint for growth in NZ

Partners are actively building out security practices and services to match, yet remain challenged by a lack of guidance in the market. This exclusive Reseller News Roundtable - in association with Sophos - assessed the making of an MSSP, outlining the blueprint for growth and how partners can differentiate in New Zealand.

The making of an MSSP: a blueprint for growth in NZ
Reseller News Platinum Club celebrates leading partners in 2018

Reseller News Platinum Club celebrates leading partners in 2018

The leading players of the New Zealand channel came together to celebrate a year of achievement at the inaugural Reseller News Platinum Club lunch in Auckland. Following the Reseller News Innovation Awards, Platinum Club provides a platform to showcase the top performing partners and start-ups of the past 12 months, with more than ​​50 organisations in the spotlight.​​​

Reseller News Platinum Club celebrates leading partners in 2018
Show Comments