Windows Graphics Rendering Engine Zero Day

Date:
December 30, 2005

Severity:
High

Overview:
Over the last few days, several media outlets and information security vendors have alerted users to the existence of a "zero day" vulnerability affecting Windows XP SP2 and other versions of Microsoft Windows. Exploitable via both Internet Explorer and Firefox (as well as email), this vulnerability is found in the Windows Graphics Rendering Engine and allows for remote code to be executed on the affected system. "Zero Day" vulnerabilities are those which are publicly disclosed prior to the existence of proper remediation or mitigation steps.


Please Note: While this vulnerability is found in the same component as one patched by Microsoft in Security Bulletin MS05-053, which was discovered by eEye Digital Security and described in a detailed vulnerability analysis, it is not the same issue and currently there is no patch available. Microsoft has released a Security Alert, available on their website.


What eEye Customers Should Know
Windows 98, Windows ME, Windows 2000, Windows XP, and Windows 2003 are all affected, and no patch is available yet. The Windows Graphics Rendering Engine is vulnerable and can be exploited via a malicious website or other HTML document that contains a maliciously crafted WMF file. A successful exploit runs arbitrary commands on the remote system in the context of the logged-in user.

Users of Internet Explorer can be exploited in an automated fashion. Users of Mozilla Firefox, while still at risk, are less vulnerable, as they would need to download and execute a malicious WMF file.

It has been reported that this vulnerability is being used to distribute spyware. As always, users should take precautions to not click on web links sent to them in unsolicited emails and take note of what websites they are visiting.

Prevention:
eEye Digital Security's Research Team, after a detailed analysis of this flaw, has confirmed that eEye's Blink® Endpoint Vulnerability Prevention protects from the potential exploitation of this flaw, without requiring invasive firewalling, which could limit system functionality. Additionally, Blink does not require the killing of services or applications as a means of protection. The result is 100% protection, with zero downtime or impact to operations.

Current Blink customers aren't required to do anything to realize the protection from this flaw. No updates or policy changes are required.

Those interested in protecting their systems with Blink can download an evaluation by visiting:
www.eeye.com/blink


This alert was last updated on January 2, 2006.