Advertisement
  • About the Author
  • About this Blog

    • Posts Tagged: 0day

    Latest Warnings31 Comments
    15
    Jun 10

    Unpatched Windows XP Flaw Being Exploited

    A security vulnerability in Microsoft Windows XP systems that was first disclosed a week ago is now being actively exploited by malicious Web sites to foist malware on vulnerable PCs, according to reports.

    Last week, Google researcher Tavis Ormandy disclosed the details of a flaw in the Microsoft Help & Support Center on Windows XP and Server 2003 systems that he showed could be used to remotely compromise affected systems. Today, experts at security firm Sophos reported that they’re seeing the first malicious and/or hacked sites beginning to exploit the bug.

    If you use Windows XP and have not yet taken Microsoft up on its suggestion to disable the vulnerable Help & Support Center component, please consider taking a moment to do that today. Until Microsoft issues an official fix for this flaw, the workaround they suggest is an easy and apparently painless one. The instructions are available at this link.

    Update, June 17, 9:20 a.m. PST: Updated post to include link to Microsoft “FixIt” tool.

    Latest Warnings16 Comments
    14
    Jun 10

    Security Alert for Windows XP Users

    Microsoft is warning Windows XP and Server 2003 users that exploit code has been posted online showing attackers how to break into these operating systems remotely via a newly-discovered security flaw.

    The vulnerability has to do with a weakness in how Windows Help and Support Center processes links. Both Windows XP and Server 2003 retrieve help and support information from a fixed set of Web pages that are included on a whitelist maintained by Windows. But Google security researcher Tavis Ormandy last week showed the world that it was possible to add URLs to that whitelist.

    Microsoft said an attacker could exploit this flaw by tricking a user into clicking a specially crafted link. Any files fetched by that link would be granted the same privileges as the affected system’s current user, which could spell big problems for XP users browsing the Web in the operating system’s default configuration — using the all-powerful “administrator” account.

    “Given the public disclosure of the details of the vulnerability, and how to exploit it, customers should be aware that broad attacks are likely,” Microsoft said in a statement released last week.

    Continue reading →

    Latest Warnings / Time to Patch33 Comments
    5
    Jun 10

    Adobe Warns of Critical Flaw in Flash, Acrobat & Reader

    Adobe Systems Inc. warned late Friday that malicious hackers are exploiting a previously unknown security hole present in current versions of its Adobe Reader, Acrobat and Flash Player software.

    “There are reports that this vulnerability is being actively exploited in the wild against both Adobe Flash Player and Adobe Reader and Acrobat,” the company said in a brief blog post published Friday evening. “This vulnerability could cause a crash and potentially allow an attacker to take control of the affected system.”

    Adobe said the vulnerability exists in Flash Player 10.0.45.2 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems, and a component (authplay.dll) of Adobe Reader and Acrobat versions 9.x for Windows, Mac and UNIX operating systems.

    The company notes that the Flash Player 10.1 Release Candidate, available from this link, does not appear to be vulnerable. Adobe also said Adobe Reader and Acrobat 8.x are confirmed not vulnerable. Further, Adobe Reader and Acrobat users can mitigate the threat from this flaw by deleting, renaming or removing access to the “authplay.dll” file that ships with Reader and Acrobat (although users may still experience a non-exploitable crash or error message when opening a PDF that contains Flash content).

    The vulnerable component should be located at these spots for Windows users:

    Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\authplay.dll

    Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\authplay.dll

    Adobe says it is working on an official patch for the problem. Stay tuned for more details.

    Update, June 7, 11:25 a.m. ET: Symantec is reporting that one strain of malware exploiting this vulnerability is something it calls Trojan.Pidief.J, which is a PDF file that drops a backdoor onto the compromised computer if an affected product is installed. Clearly, this is a follow-the-bouncing-malware type of exploit: “Upon analysis of an attack, it is also observed that a malicious [Shockwave Flash] file (detected as Trojan Horse) is used in conjunction with an HTML file (detected as Downloader) to download another malware (detected as Backdoor.Trojan) from the web,” the company said. Symantec notes that while the current attacks against this flaw are targeted and limited, that will likely soon change as more criminal groups start taking advantage of the vulnerability.

    Update, June 8, 12:40 p.m. ET: Adobe said today that it plans to issue a patch for the Flash vulnerability (on 10.x versions of Flash) on Thursday, June 10, for Windows, Linux and Mac. But the software maker said it doesn’t expect to ship an update for Windows, Linux and Mac versions of Adobe Reader and Acrobat until June 29. Adobe also posted steps that Mac and Linux users can take to mitigate any threat from these vulnerabilities, in an updated advisory.

    Time to Patch12 Comments
    29
    Mar 10

    Microsoft to Issue Emergency IE Fix

    Microsoft Corp. said today it plans to break from its regularly scheduled monthly software update cycle to issue a patch on Tuesday for a security hole in its Internet Explorer Web browser that hackers have been exploiting lately.

    Microsoft normally releases security updates on “Patch Tuesday,” the second Tuesday of each month. But this Tuesday, Mar. 30, Microsoft will release a cumulative update for Internet Explorer that fixes a critical software flaw in IE 6 and IE 7. The browser flaw lets hackers break into vulnerable systems remotely, with little help from users.

    Redmond initially said it was aware of only “targeted” attacks that leveraged this vulnerability. But Microsoft’s statement that accompanied this announcement suggests that these attacks may have become more widespread.

    “We have been monitoring this issue and have determined an out-of-band release is needed to protect customers,” Microsoft said in a statement on its Security Response Center blog today.

    Tomorrow’s update will correct that flaw, as well as at least nine other security holes in IE that Microsoft had planned to patch on the next official Patch Tuesday (April 13).

    Latest Warnings17 Comments
    15
    Jan 10

    Exploit in the Wild for New Internet Explorer Flaw

    Less than 24 hours after Microsoft acknowledged the existence of an unpatched, critical flaw in all versions of its Internet Explorer Web browser, computer code that can be used to exploit the flaw has been posted online.

    This was bound to happen, as dozens of researchers were poring over malicious code samples that exploited the flaw, which has generated more interest and buzz than perhaps any other vulnerability in recent memory. The reason? Anti-virus makers and security experts say this was the same flaw and exploit that was used in a series of sophisticated, targeted attacks against Google, Adobe and a slew of other major corporations, in what is being called a massive campaign by Chinese hacking groups to hoover up source code and other proprietary information from these companies.

    Microsoft said it will continue monitoring this situation and take appropriate action to protect its customers, including releasing an out-of-band patch to address the threat. Typically, Microsoft issues patches on the second Tuesday of the month (a.k.a. “Patch Tuesday), but due to the seriousness of this threat and the sheer number of companies that have apparently already been hacked because of it, Microsoft is likely to push out an update before the end of the month. In fact, I would not be surprised to see a fix for this within the next 7 to 10 days.

    In the meantime, Redmond is urging IE users to upgrade to the latest version, IE8, which the company touts as its most secure version of the browser. Still, even IE is still vulnerable, and this is a browse-to-a-nasty-site-and-get-owned kind of vulnerability. As such, Internet users will be far more secure surfing the Web with an alternative browser (at least until Microsoft fixes this problem), such as Google Chrome, Mozilla Firefox, Opera, or Apple‘s Safari for Windows.

    A Little Sunshine / The Coming Storm9 Comments
    14
    Jan 10

    McAfee: Internet Explorer 0day Fueled Attacks on Google, Adobe

    The recent targeted cyber attacks against Google, Adobe and other major companies were fueled in part by a previously unknown — and currently unpatched — security flaw in Microsoft‘s Internet Explorer Web browser, anti-virus vendor McAfee said today.

    McAfee said its investigation revealed that one of the malicous software samples used in the attacks exploited a new, not publicly known vulnerability in IE that is present in all of Microsoft’s most recent operating system releases, including Windows 7.

    Continue reading →

    Time to Patch82 Comments
    11
    Jan 10

    Firm to Release Database & Web Server 0days

    January promises to be a busy month for Web server and database administrators alike: A security research firm in Russia says it plans to release information about a slew of previously undocumented vulnerabilities in several widely-used commercial software products.

    Continue reading →