A first Windows 8 Consumer Preview patch is available that fixes various issues and exploits of ActiveX controls and WordPad.
Microsoft has issued its first update for the Windows 8 Consumer Preview, shutting down hacker exploits
In the first patch for the Windows 8 Consumer Preview, Microsoft has delivered 11 fixes that cover weaknesses in areas such as Internet Explorer, Windows and Office. The update also fixes a bug that hackers are exploiting despite official release not expected until later this year.
The MS12-027 exploit is attracting the most attention though, because of the hacking exploits. “Microsoft is reporting limited attacks in the wild,” director of security operations at nCircle Security – Andrew Storms – said.
Specifically, the 027 exploit that has been closed is an ActiveX control that comes with every edition of 32-bit Office 2003, 2007 and 2010. SQL Server, Commerce Server, BizTalk Server, Visual FoxPro and Visual Basic also received the patch. Microsoft said the MS12-027 update should be installed immediately due to the exploit.
Hackers are also using bogus text document to hurt users when documents are opened through Word or WordPad can hijack PCs, which is worrying because WordPad comes with every copy of Windows 7 and Word is undoubtedly the text editor of choice for million of Windows users. Microsoft acknowledged the exploit in a post on its Security Research & Defense blog, saying the update was the “highest priority … to deploy this month.”
Worringly, developers who have bundled ActiveX exploit with a program could be leaving their users open to attack. It’s down to developers to update their programs.
However, Microsoft may already be late to the party: users who open a malicious site in Internet Explorer could automatically trigger the attack. And considering IE is going under a revival at the moment, while gaining market share, more and more users could be open to the attack if they don’t download the patch.
Not alone with exploits
It seems worrying that Windows isn’t the only OS experiencing attacks, with some OS X users in the U.S. being exploited. What’s worrying for Mac users is Apple can take months after the original update to port it over the OS X, so attacks could be widespread by the time the exploit has been fixed.
The exploit should at least remind Microsoft that close attention is needed for Windows 8.