Microsoft Releases Scanning Tool Scanning Tool Available for GDI+ Vulnerability Sean Michael Kerner
As part of Microsoft's update package released this week to patch numerous vulnerabilities, the company included the MS04-028 Enterprise Scanning Tool. The tool is intended to help enterprises identify and apply updates specific to the MS04-028 security bulletin regarding a Buffer Overrun in JPEG Processing (GDI+).
According to a Microsoft spokesperson, the company issued the new tool in response to enterprise customer feedback about difficulties in scanning and patching for MS04-28. It is not intended for use in environments where enterprises already have an update management tool like Microsoft Systems Management Server (SMS) in place.
The MS04-028 Enterprise Scanning Tool allows system admins to scan their networks to identify potentially vulnerable machines. It will then automatically apply the appropriate MS04-028 updates, which were issued
Sept. 14, from a LAN (define) share. The following week, proof of concept exploits for the flaw began circulating.
The MSO4-28 bulletin describes a critical flaw of a remote code execution vulnerability when users open a JPEG (define) image file on an unpatched Windows PC. Utilizing a number of widely distributed tools, a
hacker may create a JPEG that, when rendered, causes a buffer overrun and could potentially allow the intruder access to the user PC via a Trojan or
other such malware (define).
Hackers know that Trojans work when unsuspecting users click or open the delivery mechanism while on unpatched PCs. That's exactly what they hope happens with the latest Trojan making the round this week, this time using the image of British soccer player David Beckham as bait.
Security researchers at Sophos and elsewhere have found thousands of instances of the Trojan bait, which claim to show Beckham in a compromising position.
The message reads, "David Beckham of Real Madrid was caught by photographers with his pants down. Early in the morning he was photographed with a Spanish hooker in a rather compromising position. Photos yet to hit the newspapers have been released here."
"Hackers and virus writers will try all kinds of tricks to entice people into downloading their malicious code," said Graham Cluley, senior technology consultant for Sophos, in a statement. "Now they are trying to suggest that England's football captain David Beckham has been playing away from home. The public's appetite for salacious gossip about the private life of the Beckhams might lead some into an unpleasant computer infection."
According to a Microsoft spokesperson, this particular attack is not exploiting any new Microsoft vulnerability, bur rather is relying on users with unpatched PCs to deploy. If users stick to the basic steps of protecting their PCs, there is less risk from these types of attacks.
"There are some really basic guidelines that customers can follow that will help protect them on the Internet from all sorts of attacks, including the Trojan that entices users with news of Beckham," the Microsoft spokesperson said. "To protect your PC, Microsoft continues to recommend that all customers follow the three prescriptive measures outlined at www.microsoft.com/protect. Windows XP SP2 already incorporates the key steps of Protect Your PC."
