Zero-Day Windows Shell Exploit Emerges
Microsoft confirmed the existence Thursday of a vulnerability affecting the Windows Shell feature in Windows XP, 2000, and 2003. The issue exists in the WebViewFolderIcon ActiveX control, and successful exploitation could result in an attacker gaining the same user rights as a local user.
According to FrSIRT, the vulnerability was first discovered in mid-July; however, exploit code did not surface until recently.
According to a security advisory, the vulnerability can be exploited through a specially crafted Web site. However, Microsoft said a user would have to be tricked into visiting the site.
Microsoft says that it is aware that proof-of-concept code is publicly available on the Internet, but knows of no attacks that attempted to take advantage of the flaw. "We will continue to investigate these public reports," it said.
Security firm Secunia has rated the issue as "extremely critical," and confirmed the existence of the issue on a fully patched version of Internet Explorer 6 and Windows XP SP2. It recommended users disable the "WebViewFolderIcon" ActiveX control, which Microsoft did as well.
"We are working on a security update currently scheduled for an October 10 release," Microsoft said.
So-called "zero-day exploits," or code that is released on the same day as or before the vulnerability itself is publicly confirmed, have become more common on Microsoft products with the advent of the Patch Tuesday program.
Some security firms have coined the term "Zero Day Wednesday" to describe the flood of exploits that seem to appear for critical Microsoft issues the day after the patches repair the problem.
The number of zero-day exploits in existence highlights the need for IT administrators to stay on top of and apply all applicable Patch Tuesday updates, security experts say.