Jan 5, 2011 09:52 GMT

While confirming that details on a Critical zero-day vulnerability have made their way into the wild, Microsoft noted that customers running the latest iteration of Windows client and server platforms are not exposed to any risks.

The newly reported security flaw resides in the Windows Graphics Rendering Engine and is remotely exploitable, according to the Redmond company, which earns it the maximum severity rating of Critical.

Successful exploits targeting the Windows Graphics Rendering Engine vulnerability could allow attackers to remotely control affected computers, effectively taking them over with the same privileges as the account of the logged-on user.

However, at the time of this article, Microsoft noted that it was not aware of any attacks targeting the flaw. At the same time, it appears that customers did not provide any feedback indicating that they were affected because of this security issue.

Microsoft has detailed the measures that need to be taken in order to ensure that any potential attacks will be rendered useless.

As it does with all zero-day reports, the company published guidance designed to allow customers to fend for themselves until a patch is developed and released.

Security Advisory 2490606 is now live, offering information on the 0-day security hole as well as workarounds that will help users hold off until an update is provided.

The Mitigating Factors and Suggested Actions section offers advice on how to bulletproof Windows Vista, Windows XP, Windows Server 2008 and Windows Server 2003 against exploits.

As previously stated, Windows 7 and Windows Server 2008 R2 are not affected by the Windows Graphics Rendering Engine 0-day.

“Although this issue does not currently meet the criteria for an out-of-band security bulletin, Microsoft is actively working to develop a comprehensive security update to address this vulnerability,” noted Jerry Bryant, group manager, response communications, Microsoft.

“Additionally, the company is monitoring the threat landscape and working with partners through the Microsoft Active Protections Program (MAPP) to take action against malicious sites that may attempt to exploit this vulnerability.”