Microsoft warns of attacks on Windows URI, URL handling flaw


Microsoft has warned of limited attacks using third-party applications to exploit a Windows flaw.

In an updated security advisory, the Redmond, Wash.-based corporation warned of attacks using a URI and URL handling flaw in Windows XP and Windows Server 2003 with Internet Explorer 7 (IE7) installed.

Microsoft said Thursday that it is also aware of proof-of-concept code designed to exploit the flaw, about which the corporation published an advisory earlier this month.

The vulnerability occurs when Windows does not properly handle specially crafted URIs or URLs passed to it when IE7 updates a Windows component. Windows then modifies the interaction between IE and Windows Shell, according to Microsoft's updated advisory.

An attacker could set up a malicious link in an email message to exploit the vulnerability, according to Microsoft.

The flaw does not affect Windows Vista or any operating system where IE7 is not installed.

Bill Sisk, Microsoft's Security Response communications manager, said Thursday on a company blog that non-Microsoft programs are being used in reported attacks.

“Third-party applications are currently being used as the vector for attack, and customers who have applied the security updates available from these vendors are currently protected,” he said. “However, because the vulnerability mentioned in this advisory is in the Microsoft Windows ShellExecute function, these third-party updates do not resolve the vulnerability – they just close the attack vector.”

A Microsoft spokesperson referred queries for comment to the blog posting and advisory.  
