COLUMN

Security Blog Log: The new clearinghouse for flaws

By Bill Brenner 21 Sep 2006 | SearchSecurity.com Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

Security experts sounded the alarm this week over new zero-day attacks against Microsoft's long-suffering Internet Explorer browser, and with good reason.

The digital underground is using the vector markup language (VML) flaw to drop a variety of malware onto vulnerable Windows machines, with the apparent objective of creating more botnets. Several attacks originated from a series of pornographic Web sites based in Russia.

Microsoft took the threat seriously enough to issue an advisory via its Web site.

The other medium Microsoft and other vendors are using is the blogosphere. Once used primarily by security researchers and pundits, vendors are posting their advisories on blogs with increased frequency. In fact, Microsoft issued its IE advisory on the Microsoft Security Response Center blog as well as the Web site.

About Security Blog Log: Senior News Writer Bill Brenner peruses security blogs each day to see what's got the information security community buzzing. In this column he lists the weekly highlights. If you'd like to comment on the column or bring new security blogs to his attention, contact him at bbrenner@techtarget.com. Recent columns: If e-thieves want your vote, they can have it Word doc scam evades spam filters Apple lives under a 'cloud of smug'

Clearwater, Fla.-based security vendor Sunbelt Software used its blog to get the first warnings out earlier in the week. It has subsequently used the blog to update people on the latest exploits, which seem to be coming from multiple directions.

Vendors have typically gotten their alerts out by way of Web site and email advisories. That's still the case, of course, but the blogosphere has become a place where they can get the word out even faster, and to a wider audience.

Between the blogs kept by vendors and those kept by an increasing number of security researchers and IT professionals, it's becoming much easier to get a quick fix on a new threat and how to defend against it. Indeed, there was no shortage of advice this week on how to deal with the Internet Explorer threat.

In a SecuriTeam blog entry, researcher Matthew Murphy examined Microsoft's suggested workarounds and added his own advice. Microsoft has suggested customers mitigate the threat by:

• Unregistering Vgx.dll on Windows XP Service Pack 1; Windows XP Service Pack 2; Windows Server 2003 and Windows Server 2003 Service Pack 1;
• Modifying the access control list on Vgx.dll to be more restrictive;
• Configuring Internet Explorer 6 for Microsoft Windows XP Service Pack 2 to disable binary and script behaviors in the Internet and local intranet security zone; and
• Reading email messages in plain text format to help protect systems from the HTML email attack vector.

While these are good workarounds, Murphy said, there are other things to keep in mind:

"The current in-the-wild exploits attempt system-wide software installations, as do most zero-day exploits for such vulnerabilities. If your browser is not running under an account with administrative privileges, this will not succeed," he said. "The most effective way to do this is for users to log on interactively with accounts running as limited users, rather than [running as] members of the privileged 'power users' or 'administrators groups.'"

In his Liquidmatrix blog, security professional Dave Lewis reiterated some of the suggested workarounds, then suggested the problem would be a lot less severe if people could curb their appetite for online smut.

"An even easier way to avoid the problem [is] to avoid surfing porn sites …" he said.

The McAfee Avert Labs blog offered similar advice, recommending users "stay on the straight and narrow path while touring the Internet."

Tags: Internet Explorer Security,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us