On December 15th the flaw was disclosed .It is confirmed by Microsoft also, just hours after the publication of an attack code for Metasploit. Windows XP, Vista, Server 2003 and 2008 operating system a new security hole has been discovered, however Windows 7 and Server 2008 R2 are not affected. The publisher announced that a security patch is under development. But the firm does not currently distribute a patch outside of its monthly patch cycle. To reduce the risk of exploitation, Microsoft recommends that administrators change the ACL (Access Control List) file shimgvw.dll. From company the issuance of a corrective is pending , the publisher recommends a temporary workaround to protect PCs against potential attacks. It is to add more restrictions to the file “shimgvw.dll”, the component that handles the preview images in Windows but requires users to enter a string at a command prompt. It also means that “the media files usually handled by the graphics rendering engine will not be displayed properly,” as indicated by the Microsoft company.
The vulnerability lies in the graphics rendering engine of Windows (GRE) Microsoft said. It allows operating the system preview of Windows to run code on a vulnerable machine and so install programs, modify data or create user accounts with administrator rights.
266 vulnerabilities addressed by Microsoft in 2010: This vulnerability is not new since it was unveiled December 15, 2010 at a security conference that was held in South Korea. This is the publication of an exploit to the Metasploit software that likely forced Microsoft to publish a bulletin and thus confirm the existence of the flaw in the OS. Indeed, this report was posted just hours after the publication by Joshua Drake code to Metasploit, a popular tool for penetration testing. According to Microsoft, this new vulnerability, however does not the object of attack.
Several fixes for Internet Explorer are already expected from Microsoft. Its Office software is also the subject of attacks this week acknowledged the editor, while recalling that the vulnerability exploited is corrected for several weeks.
Attackers may send users of malicious Word or PowerPoint documents containing an infected thumbnail, that they are open or even just previewed, would give access to use their PCs, Microsoft said. According to the scenario, hackers can hijack PCs if they manage to push users to display a thumbnail infected on a folder or a shared network drive, or even via a system of sharing files online WebDAV. This vulnerability allows remote code execution. An attacker who successfully exploited this could take complete control of an affected system, the report on Microsoft security revealed.
To exploit the vulnerability in the color table of the image file, the number of color index is changed to a negative number, said Johannes Ullrich, director of research at the SANS Institute.