WMF files: greatest security threat ever?

(MSPAlliance) – Monday, April 24, 2006 – A defect in Microsoft Windows was called the “greatest security threat ever” in Europe last year. The problem was in Microsoft WMF (Windows Metafile) files, and resulted from a buffer overflow originating in the Windows graphics rendering engine that processes WMF files.

WMF files contain program code, so if custom abort code designed to exploit the buffer overflow is added to one of these graphics files, the engine will automatically execute it. WMF files are used virtually everywhere, mostly embedded within e-mail and Web sites, which caused great concern about the IT security threat that the WMF defect posed.

The problem dates back to an ancient version of Windows, 3.0, which was produced in 1990 before Microsoft had implemented sophisticated security features.  Last December, F-Secure found hackers planting Trojans by exploiting the WMF defect.  Soon, hackers started hundreds of Web sites exploiting the WMF flaw in order to launch zombie networks for spam, phishing, denial of service attacks and advertising scams.

Since the Internet arrived without built-in authentication, there is no way to identify the WMF attackers.  Businesses can collaborate to implement authentication schemes, but it will still not be possible to identify most hackers until the new version of Internet Protocol (IPv6) is generally adopted years from now.

About MSPAlliance

Founded in 2000, MSPAlliance is the world’s largest community for managed service providers. Free membership gives you access to resources, research, and certification programs that help you build a mature, compliant, and trusted MSP business.