Microsoft's Long Year Of Zero-Days



David Utter
Staff Writer
2006-12-21



From May through December 2006, Microsoft endured the emergence of ten zero-day exploits affecting its products.


When it came to the potential for a large number of people to experience problems stemming from attacks against software, Microsoft products proved a desirable target. As 2006 proceeded, attackers seemed to shift their zero-day exploits to vulnerabilities disclosed just as Microsoft released its monthly updates.

Microsoft is the proverbial big ship in terms of steering its products away from the threats. It takes time to research flaws, exploits, and ways to fix the problem without shattering the entire software stack into a bunch of pretty pieces of glass.

The problem comes from criminals understanding this. Security advisory tracker Secunia illustrated Microsoft's zero-day exploits and their dates of publication; note how the dates tend to be close to the Patch Tuesday for each month:

| Advisory name | Date published |
|---|---|
| Microsoft Word Unspecified Code Execution Vulnerability | 2006-12-11 |
| Microsoft Word Memory Corruption Vulnerabilities | 2006-12-06 |
| Microsoft XMLHTTP ActiveX Control Code Execution Vulnerability | 2006-11-04 |
| Microsoft Visual Studio WMI Object Broker ActiveX Control Code Execution | 2006-11-01 |
| Microsoft Vector Graphics Rendering Library Buffer Overflow | 2006-09-19 |
| Microsoft Word Code Execution Vulnerabilities | 2006-09-05 |
| Microsoft Visual Basic for Applications Buffer Overflow | 2006-08-08 |
| Microsoft PowerPoint Code Execution Vulnerabilities | 2006-07-14 |
| Microsoft Excel Multiple Code Execution Vulnerabilities | 2006-06-16 |
| Microsoft Word Malformed Object Pointer Vulnerability | 2006-05-19 |

Most of the dates occur in the early part of the month, close to the second Tuesday that has been Microsoft's designated patch release date for a couple of years.

Rather than the scattershot approach of yore, where malicious coders would try to infect as many systems as possible, the targeting of applications like Excel and Word reflects a more specific approach to attacking systems, according to Secunia.

Excel and Word can be found on millions of computers, many in enterprise settings. A successful exploit that can drop a keylogger or other type of snooping program onto a machine could yield login details or sensitive files, and send them back to the attacker.

It's difficult to make non-technical employees understand that blithely opening documents from unknown senders can be dangerous. Salespeople and graphic designers are not system administrators, but we ask them to think that way.

As of this writing, Microsoft's Word zero-day problems (actually a trio now) are still unpatched. The next Patch Tuesday arrives January 9th. Will Microsoft have the Word issues fixed? Which products will be targeted next for exploitation? We'll likely know that in three weeks.

About the Author:
David Utter is a business and technology writer for SecurityProNews and WebProNews.
