New Windows Flaw Discovered

This story was written by CBS News technology consultant Larry Magid
Security researchers have discovered a flaw in Microsoft Windows that makes users especially vulnerable to spyware and other malicious software that could jeopardize their computer security.

Microsoft, on Thursday said it was investigating the matter but as of Friday morning had not issued any fixes or patches. The Department of Homeland Security's Computer Emergency Readiness Team's (CERT) webpage reported Thursday, "We are currently unaware of a practical solution to this problem."

The problem lies in a flaw in the way Windows handles graphic metafiles – data files that help software render certain types of graphic images on your computer. The particular files at risk end in WMF but it's possible for an attacker to rename them.

It is very similar to a flaw that Microsoft fixed in November however there is now code out that can affect systems even if they have been patched.

CERT says that an exploit of the flaw "may allow remote arbitrary code execution." In other words, an attacker could take remote control of your computer.


Technology Consultant Larry Magid speaks with Trend Micro's David Perry about the latest security flaw in Microsoft Windows.


The most likely scenario, however, is that the flaw will be used to put spyware on Windows machines. Spyware, also known as ad-ware, refers to malicious programs that pop-up unwanted advertising. In addition to being annoying, they can also slow down your computer and they can, in some situations, make you vulnerable to other problems, including security risks.

David Perry of anti-virus company Trend Micro says that there are "58 variants of a Trojan that plants itself through the Windows Metafile function that are being used mostly for ad-ware purposes to track your browsing habits or pop-up ads." The format, says Perry, "contains a tiny downloader" that can allow an attacker to come in later to run remote code.

Perry says that this is mainly an "ad-ware play." One symptom is that you may see a report telling you you're affected by spyware and advising you to click on a link to download software.

Unlike a worm, this flaw is not self-replicating so it isn't likely to infect an enormous number of systems. Although the flaw is considered severe, it is not nearly as widespread as many other viruses and worms.

Perry says that his company's software will detect the malicious programs that exploit the flaw.

It is possible to be infected by visiting a website that has an infected image so the best advice is to surf carefully and avoid sites that you don't trust. It's also a good idea not to click on links in email from untrusted sources and avoid opening graphic files if you're not sure where they came from.

It's also a very good idea to make sure that you are running up-to-date anti virus software and anti-spyware software. Microsoft has a free anti-spyware program on its Website and there are other commercial and shareware anti-spyware programs including SpyBot Search and Destroy that you can download for free from Download.com.



A syndicated technology columnist for more than two decades, Larry Magid serves as on air Technology Analyst for CBS Radio News. His technology reports can be heard several times a week on the CBS Radio Network. Magid is the author of several books including "The Little PC Book."

By Larry Magid

Featured in SciTech