Security Firms Sound Alarm on Latest Microsoft Flaws

December 27, 2004

New critical flaws in Microsoft Windows have sent security experts scrambling to warn users of the ubiquitous operating system.

Numerous security vendors issued warnings about the flaws after Chinese security group Xfocus reported them last week. But as of Monday, Microsoft had not provided patches for the flaws.

Xfocus found that a buffer overflow exists in the LoadImage API of the USER32 Lib, enabling attackers to write and send a custom file within an HTML page or in an e-mail that would allow them to run arbitrary code on a computer.

Xfocus also reported a hole in winhlp32.exe, the Windows .hlp file parsing program. The vulnerability stems from a decoding error within the .hlp header. A perpetrator can exploit the flaw by triggering a heap-based buffer overflow.

Both the LoadImage and .hlp overflows may affect Windows NT, Windows 2000 SP0, SP1, SP2, SP3, SP4, Windows XP SP0, XP SP1 and Windows 2003. But the winhlp32.exe bug is more inclusive, affecting Windows XP SP2, as well.

Overflow flaws occur when a program writes more data into a memory buffer than the buffer can hold. This makes it possible for attackers to run their own code on a PC. Overflows are some of the most common exploits in the Redmond, Wash., software giant's operating system software.

While Microsoft hasn't acknowledged the bugs publicly, security firm Symantec suggested users set virus definitions to include the Bloodhound.Exploit.19 signature, preventing the LoadImage overflow. A .hlp overflow can be avoided if users block e-mail attachments with an .hlp extension and avoid sites or e-mail messages of questionable origin.

In other Microsoft flaw news, Xfocus said a malicious intruder can use a bug in Windows' animated cursor files (ANI) to crash or virtually seize a PC. Like the LoadImage overflow, this Windows Kernel ANI File Parsing Crash and DoS Vulnerability affects Windows NT, Windows 2000 SP0, SP1, SP2, SP3, SP4, Windows XP SP0, XP SP1 and Windows 2003.

Symantec today warned of Phel.A, a Trojan horse that affects Windows XP SP2. The Trojan is distributed as an HTML file that attempts to exploit a flaw in IE. The Trojan may be stymied with virus definitions from Symantec.
