When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.

Cybercrooks add Windows flaw to arsenal

Attackers have added another, yet-to-be-patched Windows flaw to their arsenal, experts warned Saturday.

Cybercrooks have started exploiting a flaw in the Windows Shell only days after sample attack code for the vulnerability surfaced. Web sites that exploit the vulnerability are popping up and attempt to load malicious software onto vulnerable Windows PCs in a way that is undetectable to users, experts said.

"There are professionals at work using the exploit code," security firm Websense said in an alert. The miscreants taking advantage of the flaw appear to be part of the same group that in December used another Windows flaw to hoist spyware onto PCs, Websense said. That flaw stemmed from the way Windows handled Windows Metafile, or WMF images.

Microsoft warned of the Windows Shell flaw on Thursday. The flaw affects Windows 2000, Windows XP and Windows Server 2003, and could be exploited via the Internet Explorer Web browser through a component called WebViewFolderIcon, the company said. Windows Shell is the part of the operating system that presents the user interface.

View: Full Story @ ZDNet

Report a problem with article
Next Article

Sharing Songs and Pictures with the Zune

Previous Article

Microsoft: Fast start for Vista in businesses