Fresh Meat for Hackers

Microsoft's latest crop of patches includes Vista and its antivirus engine

February 14, 2007

2 Min Read
Network Computing logo

4:20 PM -- It's been a long time since Patch Tuesday has been, well, interesting. The stream and trickle of Windows, Office, and IE patches each month all start to blur together after a while -- until yesterday, that is.

There was fresh meat (a term enthusiastic hackers use to describe new software they plan to attack) among the patches Microsoft Corp. (Nasdaq: MSFT) issued yesterday: a critical flaw in its core antivirus engine, which comes with Microsoft's new Live OneCare, Windows Defender, and Windows Defender for Vista. And for once, this is a bug that doesn't require a user to do something stupid, like open a suspicious file or click on an unknown link.

Whoa. A bug for both Vista and a Microsoft Malware Engine that doesn't require user interaction?

But not so fast. Turns out this flaw is the one you least need to worry about: the auto-update feature of the products automatically patches it. "From an industry standpoint, this is a big deal because it's one of the first ones on Vista for remote code execution," says Lamar Bailey, senior ISS X-Force operations officer. "From a customer standpoint, it's not as big a deal."

Bailey should know, because it was X-Force researchers who found and alerted Microsoft to the flaw, which Microsoft patched in MS07-010. The vulnerability lets an attacker send a specially-crafted PDF file to a user, which the antivirus engine then scans. The exploit triggers a heap overflow in the antivirus engine and allows the remote-code execution and the ability for the attacker to get system-level privileges.

"I doubt we’ll see anything in the wild, because it can be auto-updated, which saves most customers," he says.

Some of the other patches issued yesterday address problems that are more worrisome, including ones for data access components (think databases), Microsoft Office, and Internet Explorer. But you've got to admit MS07-010 is compelling in that it's ushering in a new phase of Microsoft patches.

In other words, it won't be fresh meat for long.

— Kelly Jackson Higgins, Senior Editor, Dark Reading

SUBSCRIBE TO OUR NEWSLETTER
Stay informed! Sign up to get expert advice and insight delivered direct to your inbox
Sign-Up

You May Also Like

More Insights
Webinars
More Webinars
Reports
More Reports

Editor's Choice

Nextgen network management
Network Management
Nextgen Network Management: What’s Next and Are We Ready?Nextgen Network Management: What’s Next and Are We Ready?
byMary E. Shacklett, President, Transworld Data
May 27, 2024
4 Min Read
SASE Explained: Definition, Benefits, and Best Practice
SASE Networking
SASE Explained: Definition, Benefits, and Best PracticeSASE Explained: Definition, Benefits, and Best Practice
bySalvatore Salamone, Managing Editor, Network Computing
May 1, 2023
22 Min Read
NaaS 2024: A Look at the Future of Network Services
Network Infrastructure
NaaS 2024: A Look at the Future of Network ServicesNaaS 2024: A Look at the Future of Network Services
byPascal Menezes, MEF
Mar 22, 2024
5 Min Read
Webinars
More Webinars
White Papers
More White Papers
Reports
More Reports
Live Events
More Live Events
May 2, 2024
While there are plentiful options in cyber resiliency and business continuity tools and platforms, there isn’t one that can knock out everything from sudden cloud outages to prolonged ransomware attacks in a single punch. What can you do to keep the company on its feet no matter what is thrown at it? Find out in this new virtual event.
Reserve Your Seat