Microsoft Warns of More "Zero-Day" Exploits
Microsoft Corp. is warning Windows users to be on guard against a couple of unpatched security holes in its products that criminal hacking groups are actively exploiting.
According to an advisory issued on Friday, Microsoft's implementation of XML contains a flaw that bad guys can use to compromise Windows machines just by getting them to visit certain Web sites with Internet Explorer. The other problem, covered by an advisory released last Tuesday, resides in Microsoft's Visual Studio 2005 and is similarly exploitable.
Microsoft has had a tough time this year with so-called "zero-day" (or 0day) attacks -- those in which the bad guys leverage a previously undocumented software security hole to compromise computers hooked up to the Internet. Last year, Microsoft had to deal with just four zero-day attacks. From January through October of 2006, the company has had to chase down no fewer than 14 such attacks by my count, with most surfacing just after Microsoft's regularly scheduled monthly software patch release. Now it looks like we can add two more to that number.
Last week, Security Fix wrote about the "Month of Kernel Bugs" project, which promises to present proof of a new, undocumented security hole for each day of November. Today's bug is one that was actually reported to Microsoft back in Oct. 2004, according to Cesar Cerrudo from Argeniss, the guy credited with discovering the vulnerability.
By Brian Krebs | November 6, 2006; 11:56 AM ET
Posted by: Troy | November 6, 2006 4:11 PM
Hi Brian,
I read your column and realize that I may have been victimized. Last night, I visited the Microsoft security site as I routinely do and downloaded a custom patch for I.E. 7.0 and then rebooted the computer several times. The I.E. screen was blank with a window that continuously said "connecting". My favorites were all in the recycle bin but are not accessible since they need to go through 7.0. Now my screen is black and the computer is dead.
I follow extremely good security practices and am convinced that the problem resides with the 7.0 patch and how it relates to what was previously loaded in my machine. I believe that many others may be at risk so I am contacting you from my work machine in the hope that preventative medicine can be taken.
My security practices include Microsoft security page link with automatic regular updates and daily visits for custom updates, Norton (advanced version) firewall with daily updates and full system scans, Ad-Aware (advanced version) with daily updates and full system scans, daily maintenance of I.E. to include deletion of files, folders, and history under Internet Options.
What to do?
Bob
Posted by: Bob Benefiel | November 8, 2006 11:21 AM
Now this makes me laugh with Microsoft problems again. Seems with my Toshiba A105-S2051 laptop, when I did software updates through Toshiba I got a worm coming from Windows XP and this problem that this statement has. So how do we get away from these viruses that Microsoft gave us?
Posted by: tOsHiBa | November 8, 2006 12:01 PM
The only real option you have if you want to leave Windows and use your current hardware is Linux. At the risk of being flamed by the Linux die hards, I would recommend Linspire. Their update system is excellent, it is easy to install and you can get commercial support. Wal-Mart sells some very cheap PCs with Linspire installed. I think it costs ~$50.
Posted by: Troy | November 8, 2006 12:28 PM
If you want to try out Linux with no commitment, just download and burn a Knoppix CD, and then reboot your existing Windows PC from the CD. It'll be a little slow because it has to read everything from CD, but you'll be able to play with Linux without having to install anything on your hard disk. If you don't like it, just reboot and take out the CD.
Knoppix is available here:
Posted by: antibozo | November 9, 2006 6:17 PM
Brian,
You should take a look at DriveSentry.com and their software. It blocks zero day attacks by limiting write access to the hard drive etc. from anything but approved applications. Even if you go to a site with bad guys pushing malware using a browser with more holes than a screen door, it can't do anything because it won't have permission to write. So, it doesn't matter what the latest threat is.
They just released it and there is a write up about it on PC World and other sites.
Posted by: John | November 9, 2006 8:57 PM
People should be aware that IE 7 will not protect from this exploit but Firefox will. Also, using a restricted user account will help to minimize the risk if you do visit a malicious site.