PDF Attacks Being "Massively Spammed" According to Microsoft
In the wake of this week’s malware attacks using rigged PDF files, Microsoft has updated its security advisory to stress that the underlying flaw — in the Windows operating system — is still not fixed.
The advisory, first issued on October 10, points to an unpatched code execution hole in Windows XP and Windows Server 2003 (with Windows Internet Explorer 7 installed). While applications like Adobe Reader/Acrobat are currently being used as the vector for attack, Microsoft is making it clear that patches from third-party vendors aren’t a cure-all for this bug.
“[B]ecause the vulnerability mentioned in this advisory is in the Microsoft Windows ShellExecute function, these third party updates do not resolve the vulnerability - they just close an attack vector,” says Bill Sisk, a member of Redmond’s security response communications team.
Read on for more...
[snip]
Sisk described the PDF exploit as “active” but “fairly limited” and said Microsoft is working around the clock to monitor the situation and get a patch out the door.
Microsoft’s next scheduled patch release date is Tuesday November 13, 2007 — a full 18 days away. An out-of-cycle patch could be forthcoming but this is unlikely unless the attacks intensify.
The article continues on to discuss an F-Secure alert that the vulnerability is being "massively spammed". The good news at this point, according to F-Secure, is that the critical secondary download site (where the bad code is brought down) has been taken down. Though it's my personal experience that code of this nature is typically easy to morph into other possibilities as time goes on until the hole is patched.
