Just days after Microsoft fixed a hole discovered in its Windows Media Player, security firms report exploits are now targeting the vulnerability.
Researchers with the French Security Incident Response Team (FrSIRT) published two exploits targeting a bug in versions of the Microsoft Media Player.
The flaw could enable attackers to seize control of computers running Microsoft Windows. Perpetrators can then leverage the exploit for anything from identity theft to stealing financial data stored on computers.
“Once these patches come out, it starts the clock for the bad guys,” Marc Maiffret, co-founder of eEye Digital Security, the company that discovered the media player flaw.
It’s very important that consumers update their systems with Microsoft’s patch MS06-005, urged Maiffret. The patch fixes the vulnerability used by the current exploits.
“The bad part is the exploits were released so quickly, most people haven’t patched them yet,” Maiffret told internetnews.com.
Although corporate users have entire IT departments devoted to ensuring the security of company computers, the race to apply patches is being lost to rapid exploit production.
New tools are emerging that make it possible for attackers to compare the patched application against an unpatched version and quickly create an exploit based on the difference.
“For large organizations, it’s just infeasible,” Maiffret says. “One day is pretty fast.”
Another reason for the increasing speed with which security flaws are exploited is the changing target of attacks.
Concentration has shifted away from the operating system to file formats (in the case of Windows Media Player, bitmaps) more associated with consumer-oriented applications.
Flaws in both Windows Media Player and Windows Metafile (WMF) graphic formats rely on social engineering to get users to visit a malicious Web site or open a specially-crafted email.
Often, users patching individual security flaws in applications cannot keep pace with attackers competing to quickly release exploits.
The onus is on vendors who issue fixes to cover broad areas of vulnerabilities. Rather than patching Windows Media Player, Microsoft and others need to focus on the generic risks from buffer overruns, said Maiffret.