SHARE
Facebook X Pinterest WhatsApp

Exploit Released for Critical PC Hijack Flaw

A fully working exploit for a worm hole fixed by Microsoft two days ago has been put into limited release, prompting new “patch now” warnings from computer security experts. The exploit, which allows PC takeover attacks on Windows XP SP2, has been published to Immunity’s partners program, which offers up-to-the minute information on new vulnerabilities […]

Written By
thumbnail Ryan Naraine
Ryan Naraine
Jan 11, 2007
Channel Insider content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More

A fully working exploit for a worm hole fixed by Microsoft two days ago has been put into limited release, prompting new “patch now” warnings from computer security experts.

The exploit, which allows PC takeover attacks on Windows XP SP2, has been published to Immunity’s partners program, which offers up-to-the minute information on new vulnerabilities and exploits to IDS (intrusion detection companies) and larger penetrating testing firms.

Immunity, based in Miami Beach, Fla., sells access to the partners program for around $40,000, according to founder Dave Aitel.

The company’s exploit takes aim at a “critical” bug in the way VML (Vector Markup Language) is implemented in Windows. It has been successfully tested on Windows XP SP2 and Windows 2000, with default installations of Internet Explorer 6.0.

“This is a fully working exploit, [it] will give you full access to do anything on the target machine,” says Immunity researcher Kostya Kortchinsky.

The exploit was created and confirmed in less than three hours after Microsoft’s Patch Tuesday release on Jan. 9, a fact that clearly illustrates just how much the gap has narrowed between patch release and full deployment on enterprise networks.

For consumers, Microsoft uses the Automatic Updates mechanism to push down updates but, in the enterprise, patches must go through rigorous test passes to ensure there are no conflicts with mission-critical applications.

On average, it could take a business a full month to fully test and deploy updates to every desktop, laptop, server or mobile device.

Kortchinsky said the exploit will be refined to try to get code execution on Internet Explorer 7.0, the newest version of Microsoft’s dominant Web browser.

According to the MS01-004 bulletin that covers the VML flaw, IE 7.0 on Windows XP and Windows Server 2003 is indeed vulnerable.

Microsoft said the flaw was originally reported through its “responsible disclosure” process, but a note in the advisory says it was used in zero-day attacks before the Patch Day.

There is no public information available on those zero-day attacks. Microsoft did not release a pre-patch advisory to warn of the VML attacks.

Officials in the MSRC (Microsoft Security Response Center) are strongly urging Windows users to treat the VML fix and a “high-priority” update.

No patches for Microsoft Word Zero-Day flaws. Click here to read more.

In an interview with eWEEK, Mark Griesi, security program manager in the MSRC, said the risk is high because there is a remote unauthenticated attack vector that gives an attacker a way to hijack a vulnerable system without any user action.

“That one should be your absolutely highest priority,” Griesi declared.

Microsoft also warned users to pay special attention to MS01-003, a bulletin that addresses a trio of serious flaws in the Microsoft Outlook e-mail application.

One of the Outlook flaws, which carries a “critical” rating, allows an attacker to use malformed VEVENT records to launch executable code when Outlook handles file parsing routines.

Ominously, a successful attack only requires that an e-mail is sent to the target if a specially rigged .ICS (iCal) file is embedded into the body of a message.

Workstations and terminal servers are primarily at risk, according to Microsoft’s advisory.

Microsoft shipped a total of four bulletins in January with patches for a least 10 holes in Outlook, Excel and Windows. However, there were no fixes for known code execution holes in Microsoft Word that have already been targeted in zero-day attacks.

Check out eWEEK.com’s Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Ryan Naraine’s eWEEK Security Watch blog.

Recommended for you...

BlackFog & Exertis Enterprise Ink Distribution Deal
Victoria Durgin
Sep 16, 2025
Proofpoint Intros Agentic AI-Based Compliance Offering
Jordan Smith
Sep 16, 2025
Simbian Partnering With Wipro on AI SOC Tech
Jordan Smith
Sep 16, 2025
Eaton Announces Solution to Mitigate AI Power Bursts
Jordan Smith
Sep 15, 2025
Channel Insider Logo

Channel Insider combines news and technology recommendations to keep channel partners, value-added resellers, IT solution providers, MSPs, and SaaS providers informed on the changing IT landscape. These resources provide product comparisons, in-depth analysis of vendors, and interviews with subject matter experts to provide vendors with critical information for their operations.

Property of TechnologyAdvice. © 2025 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.