Subscribe
About

MS patches critical vulnerability

As part of its monthly "Patch Tuesday" schedule, Microsoft has issued two new bulletins (one of them described as "critical") about security vulnerabilities in its software, says Brett Myroff, CEO of master Sophos distributor, Netxactics.

The vulnerabilities cover a number of different versions of the Windows operating system, but do not include Windows Vista, he says.

"The more serious of the bulletins tackles a remote code execution vulnerability in the way that the Windows shell handles maliciously-crafted uniform resource identifiers. This is the same flaw that Sophos experts discovered was being exploited by the widely-distributed PDFex Trojan horse at the end of last month," Myroff explains.

Trojan wars

This week saw a number of low to medium-prevalence threats, which include the Troj/Jardo-A Trojan. It affects Windows users, and also occurs as Trojan.Java.ClassLoader.as and Java/ClassLoader Trojan, says Myroff.

It attempts to download an executable file from a location given to it to either: C:ms<random numbers>.exe or <Startup>MSwin-<random numbers>.exe.

Troj/Kango-D, also affecting the Windows operating system, is a spyware Trojan that steals information, drops more malware, records keystrokes and installs itself in the registry, says Myroff.

"Troj/Kango-D includes functionality to access the Internet and communicate with a remote server via HTTP."

When run, Troj/Kango-D generates the fake error message: "Microsoft Word has generated an error and will be closed!"

It installs a number of files and creates a registry entry to run the Trojan on start-up, he says.

Two further Trojans have also been detected. According to Myroff, these include Troj/GMRedir-A, an HTML-based JavaScript file that attempts to redirect users` browser to a phishing Web site, and Troj/Dorf-AG.

Return of the worm

The W32/Rbot-GVC worm has also emerged and, again, is targeting Windows users, says Myroff.

When first run, W32/Rbot-GVC copies itself to <System>od64.exe and creates the file <Root>a.bat. The file a.bat is detected as Troj/Batten-A.

"In light of the vulnerabilities highlighted by Microsoft, companies should roll-out patches as a matter of urgency, as these vulnerabilities could enable hackers to access data on an unprotected PC or run malicious code such as a worm," Myroff says.

"Leaving computers unpatched means you risk becoming the victim of a hacker attack. Network access control can go a step further to help organisations enforce security policies, ensuring any non-compliant device is locked down and unable to jeopardise the network."

Home users of Microsoft Windows can have their systems scanned for Microsoft security vulnerabilities.

"IT managers responsible for security should consider subscribing to vulnerability mailing lists, such as that operated by Microsoft," he concludes.

Share

Editorial contacts