Microsoft Scrambling to Patch Exploit

By Scott M. Fulton, III | Published November 1, 2006, 1:00 PM

This morning, Microsoft Security announced it has been alerted to proof-of-concept code that may already have been referenced in the creation of a malicious exploit.

Although details about the exploit itself have not yet been revealed, according to this morning's advisory the point of weakness is a Windows library shipped with Visual Studio 2005, called wmiscriptutils.dll. Apparently a call to this library, placed from within a script executed in some installations of Internet Explorer 7 with default settings, on operating systems other than Windows Server 2003, can possibly trigger unguarded remote execution of malicious code.

"WMI" refers to Windows Management Instrumentation, which is Microsoft's system for making thousands of different points of constantly measured performance data accessible to outside programs. In this case, the dynamic link library in question is not WMI itself, but a collection of functions referred to as the "WMI object broker," that make WMI data more readily accessible to scripts written from within Visual Studio.

Many Windows systems have WMI installed, especially in the workplace where they may be actively monitored by tenacious system administrators. However, only development systems that use WMI will have this particular library file, which significantly reduces the number of computers in which the exploit may be effective.

Security companies have yet to analyze this threat, especially with details being kept confidential for now.

This is not the first time this particular library file has been the target of an exploit. Early this year, proof-of-concept code was published concerning an exploit that could enable remote code execution through misappropriating the CreateObject statement for invoking COM objects involved with Data Access Components (DAC). WMIScriptUtils.WMIObjectBroker2.1 was one of those objects.

Last April, Microsoft responded with a series of updates to all Data Access Components modules, in an attempt to thwart any such exploitation of the entire library set. There's no indication at this time that the earlier exploit is related to the current one.
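An exposure check for the condition the article describes (the library is present only where Visual Studio or a similar development suite installed it), as an added example that is not from the article or from Microsoft's advisory. It resolves the ProgID named above through the registry to its DLL and reports the ActiveX kill bit, a general Internet Explorer mechanism the article does not mention; only machine-wide (HKLM) registrations are examined.

```powershell
# Added example, not from the article: is the WMI object broker registered here,
# where is its DLL, and would Internet Explorer be allowed to instantiate it?
$ProgId = 'WMIScriptUtils.WMIObjectBroker2.1'   # ProgID as named in the article

function Get-ComExposure {
    param([Parameter(Mandatory)][string]$ProgId)

    # A 64-bit Windows keeps separate registrations for 32-bit software.
    $views = @(
        @{ Name = 'native'; Software = 'HKLM:\SOFTWARE' },
        @{ Name = 'WOW64';  Software = 'HKLM:\SOFTWARE\WOW6432Node' }
    )
    foreach ($v in $views) {
        $clsidKey = "$($v.Software)\Classes\$ProgId\CLSID"
        if (-not (Test-Path -LiteralPath $clsidKey)) { continue }

        # ProgID -> CLSID -> in-process server (the DLL that gets loaded).
        $clsid  = (Get-Item -LiteralPath $clsidKey).GetValue('')
        $server = "$($v.Software)\Classes\CLSID\$clsid\InprocServer32"
        $dll = if (Test-Path -LiteralPath $server) {
            (Get-Item -LiteralPath $server).GetValue('')
        }
        $onDisk = [bool]($dll -and (Test-Path -LiteralPath $dll))

        # Kill bit: Compatibility Flags value with bit 0x400 set for this CLSID.
        $compat = "$($v.Software)\Microsoft\Internet Explorer\ActiveX Compatibility\$clsid"
        $flags  = (Get-ItemProperty -LiteralPath $compat -ErrorAction SilentlyContinue).'Compatibility Flags'

        [pscustomobject]@{
            View       = $v.Name
            Clsid      = $clsid
            Dll        = $dll
            DllOnDisk  = $onDisk
            DllVersion = if ($onDisk) { (Get-Item -LiteralPath $dll).VersionInfo.FileVersion }
            KillBitSet = [bool]([int]$flags -band 0x400)
        }
    }
}

$result = @(Get-ComExposure -ProgId $ProgId)
if ($result.Count -eq 0) {
    "ProgID '$ProgId' is not registered machine-wide on this system."
} else {
    $result | Format-List
}
```

A row with `DllOnDisk` true and `KillBitSet` false marks a system where the control is installed and Internet Explorer has not been told to refuse it.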

Comments


Bulls***, update update, make me and my bank/games/site codes safe

Score: 0


However, only development systems that use WMI will have this particular library file, which significantly reduces the number of computers in which the exploit may be effective.

Perhaps you should read, ONLY DEVELOPMENT SYSTEMS WITH THIS WMI FILE ARE EXPLOITABLE. Do you have VS installed or a development suite which installed this file? If not, then you are safe.

Score: 0


maybe I should un-install my VS suite...
I haven't been using forever since I changed jobs lol

Score: 0
