
Coming to a Windows Server 2000 Computer Near You: 'Clippy's Revenge'

"It looks like you're using me as an attack vector for hacking into a business network, would you like some help?"

That phrasing, if not the exact wording, should be instantly recognizable to anyone who's ever used the reviled -- and now defunct -- Microsoft Office help agent icon known as "Clippy." And now Clippy, whom everyone assumed with great delight was dead, could be revived as a destructive force, IT analysts and researchers learned this week.

Security experts at Symantec, VeriSign and other vendors have discovered that "proof of concept" code exists to exploit a vulnerability for which Redmond released a "Critical" patch (Bulletin MS07-051) on Tuesday. The exploit code comes less than two days after Redmond's announcement that hackers could piggyback on "Clippy" using a specially crafted URL to penetrate a workstation hard drive or, even worse, a business network.

In IT security terms, proof of concept simply means that someone has developed new code to test the hypothesized weakness and how it can be used to hack into a system -- in this case, Windows 2000.

It's not clear at this time whether there is any malicious intent connected to the new exploit code's existence. Symantec's DeepSight threat network first alerted customers that JavaScript exploit code had been posted to the Web from somewhere inside Brazil.

"There are a number of enterprises that still use Windows 2000 and this exploit is typical of the underground, a very common way to get into the system," explains Tom Cross, a researcher with IBM Internet Security Systems Inc.'s X-Force. "Things like the Clippy exploit are used to install malware almost all the time."

Current users and admins running Windows 2000 and related applications should install Microsoft's critical patch quickly and use whatever intrusion prevention system (IPS) technology is at their disposal, adds Cross.

IT security managers will have to decide whether to disable ActiveX control, as VeriSign suggests, or simply restrict access to non-pertinent Web sites while patches are loading onto the system.

Neil MacDonald, Vice President of Gartner Research and a Gartner Fellow of Information Security, says there are no penalties for being too cautious. He adds that it's fortunate that the "Clippy" exploit code doesn't represent a "zero day" attack, meaning the code didn't spring up before Microsoft released the patch.

"What you tend to look for with the 'proof of concept' versus something that is in the wild, is how the exploit code progresses," MacDonald said. "In this instance you watch out for code variants, monitor how it spreads and how the code evolves."

Eric Schultze, chief security architect at Saint Paul, Minn.-based Shavlik Technologies, calls the exploit "Clippy's Revenge." He said the scary thing is that "users and administrators don't even have to see the Clippy icon to get their system hacked. Just be vigilant around your enterprise and take all the 'critical' patches seriously."

About the Author

Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.
