Hackers pounce on just-patched Windows Media vulnerability

Summary:The end result is a malicious Trojan with rootkit capabilities. The attack happens silently in the background and all the user sees is a blank WMP application playing a file.

If you haven't gotten around to patching that Windows Media Player vulnerability fixed in the last Microsoft Patch Tuesday batch, you might want to immediately fire up Windows Update.

Just a few weeks after Microsoft shipped MS12-004, a “critical” bulletin with fixes for two serious flaws in the way Windows Media handles certain media files, hackers have pounced and are exploiting this issue to plant malware on unpatched computers.

According to a warning from Trend Micro, the in-the-wild attacks are being launched via web sites rigged with booby-trapped Windows media files.

Trend Micro said the infection vector is a malicious HTML which exploits the vulnerability by using two components that are also hosted on the same domain. The two files are: a MIDI file and a JavaScript, the company said.

[ SEE: 'Critical' Windows Media flaws put millions at risk ]

The end result is a malicious Trojan with rootkit capabilities.  The attack happens silently in the background and all the user sees is a blank WMP application playing a file.

Researchers at IBM ISS are also reporting increased chatter around the simplicity of exploiting this particular vulnerability:

In addition to the appearance of live exploitation, detailed discussion of the vulnerability details and methods of exploitation have been seen. The relatively low complexity of locating the vulnerability will doubtlessly lead to more malware targeting it.

This particular threat doesn't appear to be widespread at the moment but it's very likely that this bug could be fitted into popular exploit kits so it's important to apply this patch as soon as possible.

[ SEE: Ten little things to secure your online presence ]

Topics: Software, Hardware, Mobility, Operating Systems, Security, Windows

About

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content managem... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.