Zero-Day IE7 Exploits Missed On Patch Tuesday
SecurityProNews Staff Writer
2008-12-11
Despite a record-breaking Patch Tuesday this week (28 patches across 8 reported vulnerabilities in one swipe), Microsoft managed to miss a couple. This has resulted in a zero-day exploit, originating from China, of Internet Explorer 7 on supported editions of Windows XP Service Pack 2, Windows XP Service Pack 3, Windows Server 2003 Service Pack 1, Windows Server 2003 Service Pack 2, Windows Vista, Windows Vista Service Pack 1, and Windows Server 2008.
Two working proofs of concept were made public by Internet Storm Center yesterday. As reported there:
This is a brand new exploit that is *not* patched with MS08-073 that was released yesterday. I can confirm that the exploit works in a fully patched Windows XP machine.
The exploit is a typical heap overflow that appears to be exploiting something in the XML parser.
Later it was clarified to be an XML parsing remote buffer overflow exploit operating on a six-second delay in order to avoid automatic crawler detection. ShadowServer listed a slew of infected domains, mostly in China, exploiting the flaw, and it was said that malicious hackers were quickly adopting the method to inject Trojans on vulnerable systems. ShadowServer suggests, as a first step, blocking the listed domains.
Microsoft downplayed the threat, saying they were "aware only of limited attacks that attempt to use this vulnerability," but they were investigating. Until a fix is produced, the company recommends running Protected Mode in IE7 in Windows Vista, and the default high security level on Windows servers.
Wolfgang Kandek, CTO of Qualys, recommends using Firefox, or a different browser, instead. "It is more reliable for an attacker to exploit a server vulnerability (after all no human intervention required) but today the Web browser is the 'killer application' that everybody uses and provides the biggest attack vector. Browsers are very complex and powerful programs and are very difficult to secure," said Kandek.
"Patching for browsers should be immediate and continuous and be removed from the OS level and included in the browser itself. Recent research has shown that Firefox fast patching offers significant advantages over IE and Opera. Opera has added fast patching in their newest release and Google Chrome has had it from the get-go."
Additionally, Microsoft issued a second security advisory not included in Patch Tuesday involving WordPad Text Converter. The vulnerability was found in Word 97, Windows 2000 Service Pack 4, Windows XP Service Pack 2, Windows Server 2003 Service Pack 1.
About the Author:
SecurityProNews is a daily online and email publication focusing on internet security issues.