NOW READ THIS
("Security Advisory")
Submitted by: Bill Hickey
NCVA List Master
NRT-0331 TIFF Flaw Exposes Older Windows Versions:
Attack code has been published that could be used to exploit a critical bug in some
versions of Windows. Microsoft patched the flaw, which affects older versions of
Windows, on 09OCT. Vulnerable unpatched systems can be exploited by sending a
specially-crafted TIFF file to targeted users, and then getting them to open it.
When the Windows Image Viewer tries to open a subverted TIFF file, it can be tricked
into running unauthorized software on the PC. A sample of the exploit was posted
Monday to the Milw0rm Web site.
As of 29OCT, Symantec had yet to find any use of the exploit code in online attacks.
Symantec recommended, however, that Windows users install the MS07-055 update as
soon as possible. Microsoft took the unusual step of issuing its own security update
for Kodak's software, because the image viewer (formerly known as the Wang Image Viewer)
had shipped in Windows 2000 systems by default.
Many Windows users are not affected by the problem. Windows XP and Windows Server 2003
users should not have the software installed on their PCs, unless they downloaded it
directly or upgraded from Windows 2000. Windows Vista users are not affected by the bug.
Users would have to open the TIFF file using the Kodak Image Viewer for the attack to
work. Because most PCs are set to automatically open TIFFs using some other piece of
software, it is unlikely that an attack would succeed. The sample attack code affects
the Korean language version of Windows, but it could be easily modified to affect other
versions of the software, according to the report.
(www.techworld.com 30OCT07)