For the second time this week, hackers have posted a sample of code that could be used to attack a Windows machine that has not been updated with the most recent Microsoft security patches. On Tuesday the French Security Incident Response Team (FrSIRT) posted a sample of a maliciously encoded image file that could be used by attackers to grind a Windows PC to a halt.This latest example exploits a critical vulnerability in the way that Windows processes files saved in the Windows Metafile graphics format. Metafile is a graphics format used by CAD software. Files that use this format have either a .wfm or .emf extension.
“The crafted metafile from this code when viewed in Internet Explorer raises the CPU utilization to 100 percent,” the FrSIRT advisory states.
The advisory did not say which versions of Windows are at risk from this software, but it noted that the code had been tested on Windows 2000 Server, Service Pack 4. The Windows Metafile problems affect virtually all supported versions of Windows, according to Microsoft’s Web site.
Microsoft believes that this code could be used to effectively rendering a machine unusable, something called a denial of service (DoS) attack, but it can not be used to take over an unpatched computer, the software vendor’s public relations agency said in a statement.
Microsoft fixed this Metafile bug in its MS05-053 security update, released on 8 November, so customers who have not yet applied this patch are the only ones at risk from this new attack.
Earlier this week, hackers released code that took advantage of a second Windows security hole, which was patched in October. That software exploited a flaw in the Microsoft Distributed Transaction Coordinator (MSDTC), a component of the operating system that is commonly used by database software to help manage transactions.
The MSDTC attack software could be used to knock Windows systems out of operation, according to Microsoft’s statement. Code that took advantage of this flaw has been in circulation since mid-October, but had not been posted on a public website before this week.
Microsoft is not aware of any active attacks that use either of these malicious code samples, the statement said.