[ insider_reports_insider ]
ZERT Patches IE VML Flaw
David Utter
Staff Writer
2006-09-25
 Insider Reports RSS Feed
While Microsoft continues testing a fix, a group of security researchers have responded to the escalating attacks vectoring on the VML vulnerability in Internet Explorer by releasing an unofficial patch for the problem.
 | | Group Patches IE VML Flaw |  |
Several notable people comprise the Zeroday Emergency Response Team (ZERT). They include Paul Vixie, the creator of the BIND domain name server, and Michael Lynn, the former ISS security researcher whose discussion of a Cisco IOS vulnerability generated controversy and legal action at the 2005 Black Hat conference.
The membership includes other security and technology professionals with an interest in providing a fix for problems like the VML flaw:
ZERT members work together as a team to release a non-vendor patch when a so-called "0day" (zero-day) exploit appears in the open which poses a serious risk to the public, to the infrastructure of the Internet or both. The purpose of ZERT is not to "crack" products, but rather to "uncrack" them by averting security vulnerabilities in them before they can be widely exploited.
The VML issue represents ZERT's first publicly released fix for a vendor issue. It has been reported in InformationWeek and other places that attacks exploiting the flaw have been increasing.
Sunbelt Software's Alex Eckelberry blogged about how the web hosting firm HostGator had a large number of sites cracked, with attackers attempting to exploit the unpatched flaw. Internet services company Netcraft discussed the HostGator incident:
HostGator customers report that attackers are redirecting their sites to outside web pages that use the unpatched VML exploit in Internet Explorer to install Trojans on computers of users. Site owners said iframe code inserted into their web pages was redirecting users to the malware-laden pages.
HostGator blamed the attacks on a previously undetected issue with their control panel software used by customers to manage their sites. Meanwhile, Microsoft disputed the breadth of VML attacks in a post on its Security Response Center blog:
Attacks remain limited. There's been some confusion about that, that somehow attacks are dramatic and widespread. We're just not seeing that from our data, and our Microsoft Security Response Alliance partners aren't seeing that at all either.
...we have been working non-stop on an update to help protect from this vulnerability. We've made some progress in our testing pass for the update and are now evaluating releasing this outside the monthly cycle, as we do any time customers are under threat and we believe we can issue an update that meets our quality bar for widespread deployment.
Scott Deacon, posting for Microsoft, said they were aware of the third-party unofficial patch, which as per company policy they cannot endorse.
For another preventative option, Eckelberry posted a workaround to the VML issue that Sunbelt is using internally, and does not require a patch.
The author cheerfully tips his hat to Opera and OpenOffice for permitting him to browse and write without worrying about Microsoft vulnerabilities.
---
Tags: Microsoft, Security, VML, Exploit
Add to  Del.icio.us |  Digg |  Yahoo! My Web |  Furl
Bookmark SecurityProNews - 
About the Author:
David Utter is a business and technology writer for SecurityProNews and WebProNews.
More insider_reports_insider Articles
Insider Reports RSS Feed
|
|
iEntry 10th Anniversary
RSS
Archive
