Expert: Flaw still dogs Windows patch

Matt Hines | January 25, 2005 12:00 AM PST

Summary

An antivirus firm says Microsoft overlooked a potential exploit in its last Windows fixes. The software giant disagrees.


Antivirus specialist GeCad Net is warning that it has found a problem with Microsoft's most recent software patch for Windows.

The Bucharest, Romania-based security service provider said that a critical patch issued by Microsoft in its MS05-001 bulletin earlier this month fails to resolve all of the security issues surrounding the HTML Help ActiveX control in Windows. Microsoft distributed the fix, along with additional security updates, to address the threat of attackers placing and executing malicious programs such as spyware on affected computers.

GeCad, which sold its antivirus software business to Microsoft in 2003, said that the patch has not addressed at least one so-called attack vector, or weakness, that could allow an exploit of the HTML Help ActiveX control vulnerability.

A Microsoft representative said Monday that the Redmond, Wash.-based company is already working to close the loophole reported by GeCad, and emphasized that the January patch had fixed the original reported problem.

"Microsoft issued an update to address a vulnerability in the HTML help control in Windows, and this update does protect against the publicly reported vulnerability," the representative said.

Moreover, the software maker disagreed that it overlooked a potential exploit with its patch. Instead, it said that the problem is a new flaw in HTML Help control that was not tackled in the update.

"Microsoft has been made aware of a publicly reported exploit of a different vulnerability than the one addressed," the representative said. "This vulnerability could be exploited in such a way as to cause the HTML Help control to execute code on a user's computer."

Microsoft did not say whether the fix would be released before its February patch bulletin.

GeCad said it is not disclosing technical details of the attack method right now for "security reasons." Microsoft has butted heads with security researchers in the past when they have disclosed information about flaws before the company has been able to patch them.

The antivirus company said the potential for attack is opened up if a computer is updated with Microsoft's Windows XP Service Pack 1 or Windows 2000 Service Pack 4, along with the most recent security patches. It also noted that updating with Microsoft's Windows XP Service Pack 2 seems to prevent the problem.

In 2003, Microsoft purchased GeCad Software, GeCad's antivirus software development business, but the remaining company continues to operate as a security researcher and consultancy. Microsoft is expected to release its own antivirus software sometime later this year.
