Hackers pounce on just-patched Windows Media vulnerability

Summary: The end result is a malicious Trojan with rootkit capabilities. The attack happens silently in the background and all the user sees is a blank WMP application playing a file.

If you haven't gotten around to patching that Windows Media Player vulnerability fixed in the last Microsoft Patch Tuesday batch, you might want to immediately fire up Windows Update.

Just a few weeks after Microsoft shipped MS12-004, a “critical” bulletin with fixes for two serious flaws in the way Windows Media handles certain media files, hackers have pounced and are exploiting this issue to plant malware on unpatched computers.

According to a warning from Trend Micro, the in-the-wild attacks are being launched via web sites rigged with booby-trapped Windows media files.

Trend Micro said the infection vector is a malicious HTML page that exploits the vulnerability using two components hosted on the same domain: a MIDI file and a JavaScript file, the company said.
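
A hunting heuristic for the delivery pattern described above, as an added example that is not from Trend Micro or the original article: it scans web-proxy records for a page that pulled both a MIDI file and a script from its own host. The record layout (client, referer, URL), the hostnames and the function name are assumptions, and the sample records are constructed.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed proxy-log records (client, referer, requested URL); not real traffic.
SAMPLE_LOG = [
    ("10.0.0.5", "http://site-a.example/page.html", "http://site-a.example/a.mid"),
    ("10.0.0.5", "http://site-a.example/page.html", "http://site-a.example/i.js"),
    ("10.0.0.7", "http://music.example/songs.html", "http://music.example/tune.mid"),
    ("10.0.0.7", "http://music.example/songs.html", "http://cdn.example/lib.js"),
    ("10.0.0.9", "http://news.example/index.html", "http://news.example/app.js"),
]

MIDI_EXT = (".mid", ".midi")
SCRIPT_EXT = (".js",)


def find_midi_script_pages(records):
    """Return sorted (client, referring page) pairs where one page pulled
    both a MIDI file and a script from the page's own host."""
    seen = defaultdict(set)
    for client, referer, url in records:
        page, target = urlsplit(referer), urlsplit(url)
        if not page.hostname or page.hostname != target.hostname:
            continue  # the report says both components sat on the same domain
        path = target.path.lower()
        if path.endswith(MIDI_EXT):
            seen[(client, referer)].add("midi")
        elif path.endswith(SCRIPT_EXT):
            seen[(client, referer)].add("script")
    # Flag only pages that fetched both component types.
    return sorted(key for key, kinds in seen.items() if kinds == {"midi", "script"})


if __name__ == "__main__":
    for client, page in find_midi_script_pages(SAMPLE_LOG):
        print(f"review: {client} loaded MIDI + script via {page}")
```

A match is a lead for triage rather than a verdict, since legitimate pages also embed MIDI files alongside scripts; pair it with a check of whether the client has the MS12-004 update installed.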

The end result is a malicious Trojan with rootkit capabilities. The attack happens silently in the background and all the user sees is a blank WMP application playing a file.

Researchers at IBM ISS are also reporting increased chatter around the simplicity of exploiting this particular vulnerability:

In addition to the appearance of live exploitation, detailed discussion of the vulnerability details and methods of exploitation have been seen. The relatively low complexity of locating the vulnerability will doubtlessly lead to more malware targeting it.

This particular threat doesn't appear to be widespread at the moment, but it's very likely that this bug could be fitted into popular exploit kits, so it's important to apply this patch as soon as possible.

Talkback

12 comments
  • RE: Hackers pounce on just-patched Windows Media vulnerability

    The hackers decide to write the trojan after the patch has been out, that's laughable and since it's already patched their trojan is DOA.
    Loverock Davidson-
    • RE: Hackers pounce on just-patched Windows Media vulnerability

      @Loverock Davidson-
      That is a really myopic view of how things work in the real world. Just because a patch is out there does not mean that everyone instantly puts it into a production environment. If a patch comes out that cripples the infrastructure, then which is better: lost productivity or being vulnerable to something? Further, people that happen to have computers that are not technically inclined do not stay on top of patch cycles by software vendors. My guess is that you are running software on your system right now that has a CVE identifier and you have not patched it yet. As almost everyone out there is.
      woot4moo
      • RE: Hackers pounce on just-patched Windows Media vulnerability

        @woot4moo that's why you should always enable auto updates. No thought needed, Microsoft issues a patch, and your system automatically becomes immune to the nasty virus. Unlike those other OSs, where you have to recompile your patches, and they often break more than they fix.
        Stephen-B
      • This is more a dig at the Apple and Linux fanbois

        @woot4moo
        They are always going on about how vulnerabilities don't count if they are patched.
        toddybottom_z
      • Speaking of Apple fanbois, hi Rick_Kl / Stephen-B

        You unwittingly give good advice. For home users, auto-updates should be enabled.
        toddybottom_z
    • RE: Hackers pounce on just-patched Windows Media vulnerability

      @Loverock Davidson- It may be that it was easier for the hackers to reverse engineer the patch to determine a proper attack vector. Now it's a race between those with malicious code and unpatched users, to claim ownership of the machine.
      FuzzyBunnySlippers
    • RE: Hackers pounce on just-patched Windows Media vulnerability

      @Loverock Davidson- As others have said, some people don't have automatic updates enabled, so they won't be protected. And now that there's a patch available, the kinds of people who would write trojans can figure out how to reverse-engineer the specific exploit by checking the patch. Damn shame they can't figure out how to use their powers for good.
      Third of Five
  • Meh, user level exploit.

    Doesn't count according to the ZDnet forum criteria.
    ye
  • RE: Hackers pounce on just-patched Windows Media vulnerability

    Per the above, I would allow Microsoft to auto-update if I had any confidence they would not auto-install various browsers or silver-whateveritis.

    Here's a case for manually checking Windows Update, though. I've had two instances recently of installing software which includes unpatched MS C++ libraries. This shows up the next time you run Windows Update, but not before.

    Curiously, the latest was a 2008 version -- from Adobe Labs. Ah, well.

    Regards
    Narr vi
    • RE: Hackers pounce on just-patched Windows Media vulnerability

      @Narr vi
      What's wrong with silver-light? Don't like watching movies online? Oh well, just FYI, silver-light is becoming a replacement for adobe flash in the upcoming HTML5 years.
      MrElectrifyer
      • RE: Hackers pounce on just-patched Windows Media vulnerability

        @MrElectrifyer

        I am sure you know what you are talking about. However, I will download Silverlight when I need it, not when MS wants me to. I have done without it so far...

        I, (and others,) would be more accepting of M$ stuff if they were great products for their own sake. .Net was only in response to Java. Silverlight was only in response to Flash. Windows desktop search was just in response to Google Desktop Search. Office document imaging was ... you get the idea... And don't forget DRM, well, so M$ can make money selling DRM solutions to businesses. And M$ tries to install and turn on every single one whether or not I want, need, or use them. That behavior isn't much better than the malware pushers.

        M$ has squandered a lot of goodwill with this crap and that business model. Now I am supposed to trust them? Luuuuuucy, you got some 'splainin' to do...!
        michaellashinsky@...