Microsoft Releases Scanning Tool

As part of Microsoft’s update package
released this week to patch numerous vulnerabilities, the company
included the MS04-028 Enterprise Scanning Tool.

The tool is intended to
help enterprises identify and apply updates specific to the MS04-028
security bulletin regarding a Buffer Overrun in JPEG Processing (GDI+).

According to a Microsoft spokesperson, the company issued the new tool in
response to enterprise customer feedback about difficulties in scanning
and patching for MS04-28. It is not intended for use in
environments where enterprises already have an update management tool like
Microsoft Systems Management Server (SMS) in place.

The MS04-028 Enterprise Scanning Tool allows system admins to scan their networks to
identify potentially vulnerable machines. It will then
automatically apply the appropriate MS04-028 updates, which were
issued
Sept. 14, from a LAN share. The following week, proof of concept exploits for the flaw began
circulating.

The MSO4-28 bulletin describes a critical flaw of a remote code execution
vulnerability when users open a JPEG image file on an
unpatched Windows PC. Utilizing a number of widely distributed tools, a
hacker may create a JPEG that, when rendered, causes a buffer overrun and
potentially allows the intruder access to the user PC via a Trojan or
other such malware .

Hackers know that Trojans work when unsuspecting users click or open the
delivery mechanism while on unpatched PCs. That’s exactly what they hope
happens with the latest Trojan making the round this week, this time using
the image of British soccer player David Beckham as bait.

Security researchers at Sophos and elsewhere have found thousands of
instances of the Trojan bait, which claim to show Beckham in a
compromising position.

The message reads, “David Beckham of Real Madrid
was caught by photographers with his pants down. Early in the morning he
was photographed with a Spanish hooker in a rather compromising position.
Photos yet to hit the newspapers have been released here.”

“Hackers and virus writers will try all kinds of tricks to entice people
into downloading their malicious code,” said Graham Cluley, senior technology consultant for Sophos, in a
statement. “Now they are trying to suggest
that England’s football captain David Beckham has been playing away from
home. The public’s appetite for salacious gossip about the private
life of the Beckhams might lead some into an unpleasant computer
infection.”

According to a Microsoft spokesperson, this particular attack is not
exploiting any new Microsoft vulnerability, bur rather is relying on users
with unpatched PCs to deploy. If users stick to the basic steps of
protecting their PCs, there is less risk from these types of attacks.

“There are some really basic guidelines that customers can follow that
will help protect them on the Internet from all sorts of attacks, including
the Trojan that entices users with news of Beckham,” the Microsoft
spokesperson said. “To protect your PC, Microsoft continues to recommend
that all customers follow the three prescriptive measures outlined at
www.microsoft.com/protect. Windows XP SP2 already incorporates the key
steps of Protect Your PC.”

News Around the Web