Researchers eye more post-Patch Tuesday malware - Security Bytes
Aug 22 2007   7:36AM GMT

Posted by: Bill Brenner
Microsoft Security, Application Security, Information Security Threats

It’s starting to look like a typical August for Windows administrators, with increasing reports of exploit code being cooked up for flaws addressed in Microsoft’s most recent batch of security updates.

Earlier this week, Symantec warned that attackers have set their sights on two Microsoft flaws — an unpatched DirectX Media vulnerability and the XML Core Services flaw the software giant patched last week in its MS07-042 security update.

Now Secure Computing is raising the alarm for “two fresh approaches” it says malware creators are poised to unleash through the recently disclosed flaws in Microsoft Excel and in Microsoft’s Vector Markup Language (VML).

In an email, the vendor warned that the recently patched Excel flaw could easily be exploited for remote code execution. “With .pdf files gaining in popularity in spam because of the socially acceptable practice of users sharing .pdf files, this vulnerability is poised to make Excel (also a typical file shared in emails) files the next high-value threat vector for the bad guys,” said Paul Henry, Secure Computing’s VP of technology evangelism.

Attackers could exploit the Microsoft Vector Markup Language (VML) flaw with a specially crafted Web page to do similar damage, he warned, adding, “This is yet another threat vector in the explosive growth of Web-borne malware. Secure Computing thinks that this vulnerability will quickly be included in available attack vectors for the automated Web-borne malware hacking tools now popular on the Internet: MPack, Shark 2 and IcePack.”

The obvious defense is to get the latest patches deployed, he said.

It’s good advice, though I’m not sure Secure Computing is revealing anything IT administrators didn’t already know. If they didn’t get a sense of urgency from reading the actual Microsoft security bulletins for August, they won’t get it from this latest warning.
