Microsoft has just released limited details regarding a new flaw affecting its Windows operating system. The vulnerability could allow hackers to install programs, view, alter or delete data, create new accounts with full user rights and essentially take control of the target machine if the user is logged in with administrative privileges. This news comes as another headache for Microsoft’s IT Support network with concerns arising over the security of Internet Explorer.
The problem lies in the system’s Graphics Rendering Engine and would allow a hacker, following a careful series of actions, to gain partial or full control of a computer. The strategy involves sending an email with an attached Microsoft Word or PowerPoint document containing a specially engineered thumbnail. The user would then have to be coerced into opening this thumbnail, which would trigger the attack. Alternatively, the image could be placed on a network, with potential victims having to browse to the image location in Windows Explorer.
The flaw affects Windows XP Service Pack 3, XP Professional x64 Edition Service Pack 2, Server 2003 Service Pack 2, Server 2003 x64 Edition Service Pack 2, Server 2003 with SP2 for Itanium-based systems, Vista Service Pack 1 and Service Pack 2, Vista x64 Edition Service Pack 1 and Service Pack 2, Server 2008 for 32-bit, 64-bit, and Itanium-based systems and Service Pack 2 for each.
Microsoft did, however, state that it is not aware of any active attacks exploiting the problem, with a spokesman stating that,
“Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers,” he continued, “This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs.”
This revelation also comes at a time when Google security engineer Michal Zalewski has entered into an argument with Microsoft chiefs over the timeline of recorded correspondence with the firm regarding the results of his new ‘fuzzing’ tool, referred to as ‘cross fuzz’, which has exposed over 100 bugs in the 5 major browsers: Firefox, Internet Explorer, Chrome, Opera and Safari. Though reports suggest the operators of the other systems, Mozilla, Apple and Google, were receptive to Zalewski’s findings, the Google worker has accused Microsoft of dragging its feet over providing patches for the flaws that are reported.
In further news, StatCounter has released an end-of-year report which suggests that Mozilla Firefox has overtaken Internet Explorer as Europe’s most popular internet browser. Though their findings differ considerably from a similar Net Applications review, the findings suggest a considerable slide from 44.91% to a 35.54% share. The data should perhaps be taken with a pinch of salt, but could signify a shift in browsing habits, with both reports agreeing on a significant increase in the use of Google’s lighter and faster Chrome program.