Information Security Professionals Discover New Vulnerability In Microsoft Windows

Recently, Microsoft issued a security advisory alerting users against a new vulnerability in Microsoft Windows

. The vulnerability is related to the Windows Graphic Rendering engine. The vulnerability is caused by an improper parsing of a specially crafted thumbnail image by attackers. Information security professionals are working to mitigate the vulnerability. The vulnerability results in stack overflow. Stack overflow represents a scenario wherein excess memory is used in call stack. An attacker may exploit the vulnerability by luring a user to view a specially crafted thumbnail image. The vulnerability affects Windows XP, Windows Vista, Windows Server 2003 and some versions of Windows Server 2008. The vulnerability does not affect Microsoft Windows Server 2008 for x64, Itanium based systems and Windows 7 for 32 bit and x64 based systems.

The attacker may send the malicious thumbnail image embedded in Microsoft word or PowerPoint file through e-mail as an attachment. The e-mails from attackers have cleverly crafted messages and appear to come from a legitimate source. When an unwary user opens the file to view or preview the thumbnail image, the attacker may execute arbitrary code. An attacker may also place the malicious thumbnail image on a network share. The arbitrary code is executed by tricking the users to navigate the file by clicking on a link in instant message or e-mail. The attackers rely on return-oriented-programming.

Once the malicious code is executed, the attackers may gain control of the affected computer system. Through remote access to the computer, an attacker may direct commands, view, modify and delete files. The attacker may also create new user accounts. Successful exploitation of the vulnerability may cause information security breach. Users must avoid clicking on suspicious links, avoid downloading untrusted files and evade e-mails from unknown sources. Users with administrative rights are more susceptible to the vulnerability than users with user accounts. Data breach has financial, business, reputational and legal implications for organizations. Employee awareness, adherence to security advisories, periodic security evaluations through ethical hacking and security audits, and monitoring traffic to databases with privileged information may help organizations in mitigating vulnerabilities and reducing attacks.

Contact Press

EC-Council

Website: http://www.eccouncil.org

Email: iclass@eccouncil.org

Tel: 505-341-3228

by: Contact Press, EC-Council

POST COMMENT

Why Does My Computer Run So Slow? - Use Registry Cleaner Upvc Doors And Windows - New Year New Look Windows Installer - Pneumatic Butterfly Valve - China Wafer Type Butterfly Valve Gome Appliance Chain Vista Is Microsoft's Retail Line Of Attention - The Country The United AC Repair Needed? What You Need to Know So You Don't Get Ripped Off Recovering inaccessible Windows XP when the Ntoskrnl.exe file is missing or corrupt 4 Advantages of Dent Repair Affordable Repair For Air Conditioning In Lake Worth Repair Business For Sewing Machines Debt Settlement - Is Debt Negotiation Service Followed By A Credit Repair Service How Do You Know A Registry Cleaner Is Right For Your Needs? What to do for pool heater repair? Choose Windows Servers To Host Captivating Websites