Tech Shout!

Leading security software developer, eEye Digital Security has just released a custom form of protection that will address a critical exploit that has been circulating in Microsoft’s Windows operating system. EEye has released a temporary zero-day patch which can be downloaded from here.

The flaw would allow a hacker to take complete control of an infected system. eEye has said that the award-winning Internet client security solution Blink, would be able to provide proactive protection against this flaw. In an effort to proactively protect Windows users worldwide eEye has thus released a temporary patch that prevents this flaw from being exploited.

This vulnerability exists within multiple versions of the Windows operating system and allows for a remote haker to execute arbitrary code under the context of the logged-in user. The vulnerability can be exploited by visiting a malicious web site or by opening a malformed Microsoft Office document.

The most potent attack method used by this vulnerability is conducted by embedding a malicious .ANI file within an HTML web page. Id this is done, the vulnerability will be exploited with minimal user interaction by simply coaxing a user to follow a hyperlink and visit a malicious Web site.

According to Marc Maiffret, eEye’s co-founder and chief hacking officer, “Almost a year to the day, one of the first third-party patches, proactively providing Windows users temporary protection against a serious zero-day vulnerability. As a result, we encourage all Windows users to take advantage of our free patch until other means of protection become available. Alternatively, users may install Blink Personal Security or Blink Professional Unified Client Security, which also provides protection without the need for security patches.”