Attackers Target Patched Windows Media Player Vulnerability
Attackers are going after a recently patched vulnerability in Windows Media Player (WMP), and users do not seem to be keeping up with the threat.
According to security researchers, the flaw, CVE-2012-0003, is being targeted by exploits currently in the wild. The flaw resides in winmm.dll, in the Windows Multimedia Library used by WMP, and affects Windows XP SP2 and SP3, as well as Windows Server 2003 SP2, Vista SP2 and Server 2008 SP2. An attacker who successfully exploits it with a malicious MIDI file could remotely execute arbitrary code.
The vulnerability was patched with the release of MS12-004, which came out Jan. 10. However, Qualys CTO Wolfgang Kandek told SecurityWeek that roughly 70 percent of the machines the company has scanned remain vulnerable to the bug. That number is based on scans of more than 100,000 machines per day. The patch also fixes a vulnerability caused when filters in DirectShow fail to properly handle specially crafted media files. DirectShow is a part of DirectX, a set of low-level Application Programming Interfaces (APIs) used by Windows programs for multimedia support.
“If for whatever reason you haven’t applied the critical January 2012 security update from Microsoft, now you really need to,” blogged Shane Garrett, of IBM’s X-Force Research team.
“In addition to the appearance of live exploitation, detailed discussion of the vulnerability details and methods of exploitation have been seen,” he added. “The relatively low complexity of locating the vulnerability will doubtlessly lead to more malware targeting it.”
“Microsoft has already issued an update to address this vulnerability during the last patch Tuesday, so our first advice to users is to patch their system with the Microsoft security update here,” blogged Roland Dela Paz, threat response engineer at Trend Micro. “It affects Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2. We’d like to reiterate that this is a publicly disclosed exploit. As such, we can expect similar attacks in the future.”