/>
X
Business

Hackers pounce on just-patched Windows Media vulnerability

The end result is a malicious Trojan with rootkit capabilities. The attack happens silently in the background and all the user sees is a blank WMP application playing a file.
ryan-naraine.jpg
Written by Ryan Naraine, Contributor on

If you haven't gotten around to patching that Windows Media Player vulnerability fixed in the last Microsoft Patch Tuesday batch, you might want to immediately fire up Windows Update.

Just a few weeks after Microsoft shippedMS12-004, a “critical” bulletin with fixes for two serious flaws in the way Windows Media handles certain media files, hackers have pounced and are exploiting this issue to plant malware on unpatched computers.

According to a warning from Trend Micro, the in-the-wild attacks are being launched via web sites rigged with booby-trapped Windows media files.

Trend Micro said the infection vector is a malicious HTML which exploits the vulnerability by using two components that are also hosted on the same domain. The two files are: a MIDI file and a JavaScript, the company said.

[ SEE: 'Critical' Windows Media flaws put millions at risk ]

The end result is a malicious Trojan with rootkit capabilities.  The attack happens silently in the background and all the user sees is a blank WMP application playing a file.

Researchers at IBM ISS are also reporting increased chatter around the simplicity of exploiting this particular vulnerability:

In addition to the appearance of live exploitation, detailed discussion of the vulnerability details and methods of exploitation have been seen. The relatively low complexity of locating the vulnerability will doubtlessly lead to more malware targeting it.

This particular threat doesn't appear to be widespread at the moment but it's very likely that this bug could be fitted into popular exploit kits so it's important to apply this patch as soon as possible.

[ SEE: Ten little things to secure your online presence ]

Editorial standards

Related

I put the Apple Watch Ultra through a Tough Mudder: Here's how it held up
aw-ultra-tough-mudder-7

I put the Apple Watch Ultra through a Tough Mudder: Here's how it held up

Slow internet at home? This adapter is the key to faster wired connectivity
replace-this-image.jpg

Slow internet at home? This adapter is the key to faster wired connectivity

Meta's AI guru LeCun: Most of today's AI approaches will never lead to true intelligence
yann-lecun-crop-for-twitter-sept-2022

Meta's AI guru LeCun: Most of today's AI approaches will never lead to true intelligence