Hackers Release Attack Code for Microsoft Bug
By Dave Nixon
February 14, 2008
Hackers have posted attack code for Microsoft Works only a day after the company issued a large bundle of security patches.
The proof-of-concept code, posted on the Milw0rm website, takes advantage of a bug in the Microsoft Works file converter software that is part of Office 2003 and can be leveraged to run illicit software on a victim’s computer.
Additionally, the flaw affects Works 8 and Works Suite 2005. A victim would first have to open a malicious Works attachment in order to be subjected to the attack.
Hackers have revealed numerous file-format bugs in recent years, and they are not commonly used in extensive attacks. Indeed, security vendor Symantec expects that we’ll see fewer of these attacks in the months ahead as online criminals increasingly rely on browser bugs to carry out their attacks.
“The bad guys, they’re looking for different ways to trick people,” said Wayne Periman, director of development with Symantec Security Response. “The popular method of choice is to exploit plugins in browsers right now.”
Nevertheless, Periman expects criminals to take up this latest attack code. “It’s so simple,” he said. “All you have to do is get someone to open the document.” However, Symantec had not yet seen any signs of attackers taking advantage of any of the flaws that Microsoft fixed this week.
The software vendor released 11 sets of patches this week, fixing 17 flaws in its products, but this is the first exploit code to appear following Tuesday’s updates. A second program exploiting one of these vulnerabilities, in an ActiveX control used by the Visual FoxPro database, was posted to Milw0rm in September, months before Microsoft patched the issue.

