Fresh Meat for Hackers

Microsoft's latest crop of patches includes Vista and its antivirus engine

February 14, 2007


4:20 PM -- It's been a long time since Patch Tuesday has been, well, interesting. The stream and trickle of Windows, Office, and IE patches each month all start to blur together after a while -- until yesterday, that is.

There was fresh meat (a term enthusiastic hackers use to describe new software they plan to attack) among the patches Microsoft Corp. (Nasdaq: MSFT) issued yesterday: a critical flaw in its core antivirus engine, which comes with Microsoft's new Live OneCare, Windows Defender, and Windows Defender for Vista. And for once, this is a bug that doesn't require a user to do something stupid, like open a suspicious file or click on an unknown link.

Whoa. A bug for both Vista and a Microsoft Malware Engine that doesn't require user interaction?

But not so fast. Turns out this flaw is the one you least need to worry about: the auto-update feature of the products automatically patches it. "From an industry standpoint, this is a big deal because it's one of the first ones on Vista for remote code execution," says Lamar Bailey, senior ISS X-Force operations officer. "From a customer standpoint, it's not as big a deal."

Bailey should know, because it was X-Force researchers who found and alerted Microsoft to the flaw, which Microsoft patched in MS07-010. The vulnerability lets an attacker send a specially crafted PDF file to a user, which the antivirus engine then scans. The exploit triggers a heap overflow in the antivirus engine, allowing remote code execution and giving the attacker system-level privileges.

"I doubt we'll see anything in the wild, because it can be auto-updated, which saves most customers," he says.

Some of the other patches issued yesterday address problems that are more worrisome, including ones for data access components (think databases), Microsoft Office, and Internet Explorer. But you've got to admit MS07-010 is compelling in that it's ushering in a new phase of Microsoft patches.

In other words, it won't be fresh meat for long.

— Kelly Jackson Higgins, Senior Editor, Dark Reading
