Attacks begin against critical Patch Tuesday bug

Only version of Windows not at risk is the unfinished Windows XP SP3

Hackers are trying to exploit a critical Windows vulnerability just patched on Tuesday, security researchers said this afternoon -- and the only version of Windows not at risk is the unfinished Windows XP SP3.

Fortunately, attack incompetence means that these initial sorties have been unsuccessful, Symantec said in a brief warning to customers of its DeepSight threat service. "The DeepSight honeynet has observed in-the-wild exploit attempts targeting a GDI vulnerability patched by Microsoft on April 8, 2008," said Symantec in its alert.

On Tuesday, Microsoft patched two bugs, both pegged as "critical," in Windows' GDI, or graphics device interface, one of the core components of the operating system. According to Microsoft, every current version of Windows, including the very newest, Vista Service Pack 1 (SP1) and Server 2008, is open to attack.

The vulnerabilities can be triggered by malformed WMF (Windows Metafile) or EMF (Enhanced Metafile) image files, Microsoft noted in its accompanying advisory .

Analysts on Tuesday fingered the GDI bugs as the most dangerous of the 10 disclosed and patched by Microsoft that day. They noted similarities between the two new vulnerabilities and others revealed in late 2005, which were extensively exploited by attackers for months afterward.

Amol Sarwate, manager of Qualys Inc.'s vulnerability research lab, said at the time that he expected attackers to quickly begin leveraging the bug. "Users who simply view an image online or in e-mail could be compromised," he said.

Thursday, Symantec said it had spotted three different Web sites hosting malicious WMF/EMF image files that were targeting one of the two GDI bugs. However, those images weren't able to exploit the flaw. "Analysis of the images has shown that although [they] appear to be malicious, they do not contain enough data in the associated image property to sufficiently trigger the vulnerability," read Symantec's warning. "We are still investigating the issue as to why this may be the case."

The security company urged users to apply the GDI patches pronto if they have not done so already. "These attack attempts highlight the severity of this issue and it is only a matter of time before new images that successfully trigger the issue are observed in the wild," Symantec concluded.

Ironically, the only version of Windows not vulnerable to attack is XP Service Pack 3 (SP3), the still-not-released final update to the aged operating system. Hidden in the MS08-021 security bulletin was the sentence: "Windows XP Service Pack 3 is not affected by this vulnerability."

Windows XP SP3's release date remains a mystery. Although Microsoft has not budged from its "first half of 2008" public statements, others have speculated that the service pack will wrap up later this month. One Web site, which correctly predicted release dates for Vista SP1, has pegged XP SP3's roll-out as coming in the second half of April.

Microsoft's GDI patches can be downloaded and installed via the Microsoft Update and Windows Update services, as well as through Windows Server Update Services.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Gregg Keizer

Show Comments


James Cook University - Master of Data Science Online Course

Learn more >


Sansai 6-Outlet Power Board + 4-Port USB Charging Station

Learn more >



Back To Business Guide

Click for more ›

Brand Post

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?