Microsoft to issue one patch during November update to correct similar metafile overflow vulnerabilities discovered by security leader eEye
(ALISO VIEJO, CA) November 08, 2005 eEye Digital Security®, a leading developer of network security and vulnerability management software solutions, as well as the industry’s foremost contributor to security research and education, today announced details for two new critical vulnerabilities related to Microsoft (NASDAQ: MSFT) Windows®. If not immediately resolved, these security flaws can be detected and exploited remotely with the potential to cause serious damage, allowing an attacker to take complete control of an affected system and take harmful actions remotely, including installing programs; viewing, changing, or deleting data; and creating new accounts with full privileges. Both flaws involve metafile overflows and affect the Windows 2000 operating system, which is currently found in a large percentage of business systems running Windows today. The critical discoveries also affect Windows Server 2003, Windows NT 4.0 and Windows XP machines. Microsoft will resolve both vulnerabilities with one patch during its November update.
Those organizations that are utilizing eEye’s Retina® Network Security Scanner can immediately scan for affected systems. Organizations that have deployed the Blink® Endpoint Intrusion Prevention System have been protected against these vulnerabilities since their discovery several months ago and can postpone patching to regularly-scheduled maintenance cycles.
“Given the enormous installed base of the affected programs in this month’s patch, it’s imperative that network administrators continue to scan their networks to identify vulnerable systems and take corrective action,” said Marc Maiffret, eEye’s co-founder and chief hacking officer. “Attacks exploiting vulnerabilities like these are costing enterprises millions of dollars annually in lost productivity and business disruption, particularly when non-scheduled patching is required. We continue to encourage enterprises to upgrade operating systems or deploy non-signature-based intrusion prevention systems in an effort to move back to regular patch-cycle maintenance.”
The first remotely exploitable security vulnerability is a graphics rendering issue that exists in Enhanced Metafile (EMF) and Windows Metafile (WMF) extensions within default installations across Windows 2000, Windows NT 4.0 and Windows Server 2003 platforms. The flaw was reported March 29—more than 200 days ago—and has been marked with a “high” severity rating by Microsoft, as it allows malicious code to be executed with minimal user interaction through commonly used media, such as HTML, email, a link to a web page or instant messenger. Specifically, the vulnerability stems from integer overflow flaws in the way the Windows Graphical Device Interface (GDI) processes EMF and WMF images; a number of specially crafted metafile structures can turn these into exploitable overflows, allowing an attacker to execute code on an affected system at the privilege level of the logged-on user.
The other critical discovery is very similar: a high-risk heap overflow in WMF handling that was also discovered by eEye and will be only 68 days old when patched. It affects Windows 2000, Windows NT 4.0, Windows XP and Windows Server 2003 machines. This flaw also lies in the code in GDI32.DLL and allows arbitrary code execution when a user attempts to view a malicious image. Similarly, an attacker who successfully exploits this vulnerability could take complete control of an affected system.
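Both flaws above belong to one bug class: a size computed from untrusted image data overflows, so the buffer allocated for a record is smaller than the data later copied into it. The following C program is an added illustration of that class and its fix; it is not eEye's, Microsoft's or GDI32.DLL's code and does not reproduce the real EMF/WMF record layouts or the specific code path eEye reported. The struct `toy_record_header`, the byte layout, and the functions `parse_header`, `wrapped_size` and `checked_record_size` are all hypothetical, and the sample headers are constructed for the demonstration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical record header standing in for a metafile record: an entry
 * count and a per-entry size, both read from untrusted file data. This does
 * not reproduce the real EMF/WMF structures or the eEye-reported code path. */
struct toy_record_header {
    uint32_t entry_count;
    uint32_t entry_size;
};

/* Read a 32-bit little-endian integer from a byte buffer. */
static uint32_t rd32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Parse the header; rejects input too short to contain one. */
bool parse_header(const uint8_t *buf, size_t len, struct toy_record_header *h)
{
    if (len < 8)
        return false;
    h->entry_count = rd32(buf);
    h->entry_size  = rd32(buf + 4);
    return true;
}

/* The unsafe pattern: a 32-bit multiply that silently wraps modulo 2^32.
 * With entry_count = 0x40000000 and entry_size = 8 the product is 0, so a
 * buffer sized from this value is far smaller than the data the parser
 * later copies into it; that is how an integer overflow becomes a heap
 * overflow. Only the arithmetic is shown here, no memory is written. */
uint32_t wrapped_size(const struct toy_record_header *h)
{
    return h->entry_count * h->entry_size;
}

/* Hardened computation: widen to 64 bits to detect the wrap, and also
 * require that the claimed payload fits in the bytes still present in the
 * input. Returns false when the record must be rejected. */
bool checked_record_size(const struct toy_record_header *h,
                         size_t bytes_remaining, size_t *out_size)
{
    uint64_t product = (uint64_t)h->entry_count * (uint64_t)h->entry_size;
    if (product > UINT32_MAX)       /* would have wrapped in 32-bit math */
        return false;
    if (product > bytes_remaining)  /* claims more data than the file holds */
        return false;
    *out_size = (size_t)product;
    return true;
}

int main(void)
{
    /* Constructed sample headers (little-endian): a benign one and one
     * whose count*size wraps to zero. */
    const uint8_t benign[8]   = {4, 0, 0, 0, 8, 0, 0, 0};      /* 4 * 8 = 32 */
    const uint8_t wrapping[8] = {0, 0, 0, 0x40, 8, 0, 0, 0};   /* 0x40000000 * 8 */
    struct toy_record_header h;
    size_t sz = 0;

    parse_header(benign, sizeof benign, &h);
    printf("benign:   wrapped=%u checked=%s\n", wrapped_size(&h),
           checked_record_size(&h, 32, &sz) ? "accept" : "reject");

    parse_header(wrapping, sizeof wrapping, &h);
    printf("wrapping: wrapped=%u checked=%s\n", wrapped_size(&h),
           checked_record_size(&h, 100, &sz) ? "accept" : "reject");
    return 0;
}
```

The second check in `checked_record_size` matters as much as the first: even a product that does not wrap can exceed the bytes actually present in the file, and a parser that trusts the header over the input length will read or copy past the end of its buffer. The same two checks apply to any count-times-size computation over attacker-supplied image data.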
eEye Digital Security, a leading contributor to network security research, regularly identifies vulnerabilities and provides specific advisories on how enterprises can secure them. While Microsoft is addressing only two vulnerabilities with this month’s patch update, eEye’s Upcoming Advisories page continues to list six other discovered flaws related to Microsoft platforms, including five that are considered high risk because they can be remotely exploited. The oldest vulnerability in that list was discovered and reported 187 days ago. For more information about upcoming advisories, please visit http://www.eeye.com/html/research/upcoming/index.html.
Today’s announcement marks the second and third vulnerabilities discovered by eEye’s research team to be patched in the past week, following a similar notification by Macromedia Flash Player on Friday, November 4, 2005. That high-risk memory access flaw affected Macromedia Flash 6 and 7 on all Windows platforms and was remediated 130 days after its discovery in June. The vulnerability allowed an attacker to run arbitrary code via a SWF file as the logged-in user. Additionally, two more eEye-discovered critical flaws in the RealNetworks media player are expected to be patched by RealNetworks on Thursday.
About eEye’s Security Research Team
Over the last five years, eEye has been recognized by industry experts as the preeminent organization in the discovery of the most critical vulnerabilities in various platforms and applications, including the vulnerabilities subsequently leveraged by the Sasser, Witty, Code Red and Sapphire worms, as well as the Microsoft ASN vulnerability and hundreds of other important discoveries. This expertise gives eEye a distinct advantage in designing services and software solutions for the assessment, remediation and prevention of vulnerabilities and the attacks that leverage them.
As a service to the network security community, eEye's Research Team, headed by Marc Maiffret, eEye's co-founder and chief hacking officer, conducts a Vulnerability Expert Forum web seminar during the second week of every month. To accommodate our customers and partners worldwide, eEye hosts two sessions. These Vulnerability Expert Forums enable participants to stay current on potential risks and remediation requirements, such as those announced today, by exploring the effect that high-risk vulnerabilities and exploits have on network environments and infrastructures. To register for the November Vulnerability Expert Forums, visit http://www.eeye.com/html/events/online_seminars/vef.html
eEye's integrated family of vulnerability management solutions helps IT and security professionals confidently safeguard their valuable digital assets. Working in conjunction with popular tools such as firewalls and intrusion detection systems, eEye's products include: Retina® Network Security Scanner, REM™ Security Management Console, Iris® Network Traffic Analyzer, SecureIIS™ Web Server Protection, and Blink® Endpoint Intrusion Prevention System.
About eEye Digital Security
eEye Digital Security is the global leader in a new class of security solutions: comprehensive vulnerability management and zero-day endpoint security protection. eEye enables secure computing through world-renowned research and innovative technology, supplying the world's largest businesses with an integrated and research-driven vulnerability assessment, intrusion prevention, and client security solution. eEye's research team is consistently the first to identify new threats in the wild, and our products leverage that research to deliver the insights and tools necessary to protect our customers' operating environments. For more information, please visit http://www.eeye.com
Primary Press Contact
Victor Cruz
MediaPR
(401) 349-3369 vcruz@mediapr.net
EMEA Press Contact
Ralph Klöwer
INTERFACE Relations
+49 (0) 89-552 688-66 r.kloewer@interface.pr.de