Security Protection – Harry Waldron MVP

MS12-004 Early malware attacks starting to appear in wild

Trend Labs documents early developments in malware attacks that exploit the Windows Media Player vulnerabilities patched under MS12-004 in the Microsoft January updates. Corporate and home users should patch promptly and avoid all suspicious objects offered in email or on websites.

MS12-004 Early malware attacks starting to appear in wild http://blog.trendmicro.com/malware-leveraging-midi-remote-code-execution-vulnerability-found/

MS12-004 is rated as a highly critical security patch by Microsoft & ISC http://technet.microsoft.com/en-us/security/bulletin/ms12-004

QUOTE:  Earlier today, we encountered a malware that exploits a recently (and publicly) disclosed vulnerability, the MIDI Remote Code Execution Vulnerability (CVE-2012-0003). (Ed. Note: addressed in MS12-004).  The said vulnerability is triggered when Windows Multimedia Library in Windows Media Player (WMP) fails to handle a specially crafted MIDI file, consequently allowing remote attackers to execute arbitrary code.

In the attack that we found, the infection vector is a malicious HTML which we found hosted on the domain, hxxp://images.{BLOCKED}p.com/mp.html. This HTML, which Trend Micro detects as HTML_EXPLT.QYUA, exploits the vulnerability by using two components that are also hosted on the same domain. The two files are: a MIDI file detected as TROJ_MDIEXP.QYUA, and a JavaScript detected as JS_EXPLT.QYUA.
