Microsoft touts security high points of 'Low-Rights IE'
The bad guys will have a much tougher time cracking the version of Internet Explorer planned for Longhorn, Rob Franco, Microsoft's lead program manager for IE security, said on the Internet Explorer Weblog. Franco said "Low-Rights IE" is "one of several new features that we're working on to help keep users safe. It is a defense-in-depth feature, meant to back up and support the many other security features."
While new security features will be baked into the upcoming release of IE7 for Windows XP SP2, he said Low-Rights IE will only be available in Longhorn "because it's based on the new Longhorn security features that make running without administrator privileges an easy option for users... When users run programs with limited user privileges, they are safer from attack than when they run with administrator privileges because Windows can restrict the malicious code from taking damaging actions."
He said the primary goal of Low-Rights IE is to restrict the impact of a security vulnerability while maintaining compatibility. "Low-Rights IE doesn't 'fix' vulnerabilities, but it can limit the damage a vulnerability can do," Franco said. "In that way, it's like the 'Local Machine Zone Lockdown' feature in XP SP2. That lockdown prevents cross domain vulnerabilities from installing malicious software on users' machines. We expect Low-Rights IE to protect users from other classes of vulnerabilities."
Sun fixes flaws in Java Web Start, Runtime
Sun Microsystems has fixed two security holes -- one affecting Java Web Start; the other affecting Java Runtime Environment. Both flaws are critical and attackers could exploit them to gain unauthorized system access and write malicious files.
In an advisory, the French Security Incident Response Team [FrSIRT] said, "The flaw resides in the Java Web Start launcher ['javaws.exe' for Windows and 'javaws' for Solaris and Linux] when handling specially crafted 'JNLP' files." This can be exploited through a malicious Web site "to bypass the default security policy and read/write arbitrary files on a vulnerable system or execute local applications with the privileges of the user running the Java Web Start application," the advisory said.
Users are advised to upgrade to Java Web Start in Java 2 Platform Standard Edition (J2SE) 5.0 Update 2 or later.
Attackers could also use malicious Web sites to exploit the flaw in Java Runtime Environment.
"This flaw is due to an unspecified error when handling specially crafted applets, which may be exploited, via a malicious Web page, to bypass the default security policy and read/write arbitrary files on a vulnerable system or execute local applications with the privileges of the user running the untrusted applet," FrSIRT said.
Users are advised to upgrade to Java 2 Platform Standard Edition (J2SE) 5.0 Update 2 or later.
Security hole revealed in Adobe License Management Service
Attackers could exploit a flaw in Adobe License Management Service to hijack vulnerable computers and run a program with administrator privileges, the vendor said in an advisory.
"The vulnerability exists due to a flaw in the installation of the License Management Service, which can lead to an unauthorized person gaining access to the user's computer," Adobe said. "The Adobe License Management Service is installed with various Adobe products that require product activation." The vendor said it's unaware of any attempts to exploit the flaw at this point.
Adobe recommends customers who purchased Adobe Photoshop CS, Adobe Creative Suite or Adobe Premiere Pro 1.5 apply the Adobe License Management Service update to address the problem. Customers using the latest version of Photoshop [version CS2] or Adobe Creative Suite [version CS2] are not exposed to this vulnerability and do not need to apply this update.
Flaw in Novell iManager, eDirectory discovered
Attackers could exploit a security hole in Novell iManager to cause a denial of service, Danish security firm Secunia said in an advisory.
The flaw, discovered by Dennis Rand of the Danish Computer Incident Response Team [CIRT], "is caused due to a NULL pointer dereference error in the included version of OpenSSL within the ASN.1 parsing code," Secunia said. "This can be exploited via a specially crafted packet to crash the Web service." The vulnerability has been found in version 2.0.2 and other versions may be affected. Secunia said the flaw is "moderately critical" because attackers could exploit it remotely.
Novell has fixed the vulnerability in version 2.5.
Rand also reported a security hole in Novell eDirectory that attackers could exploit for a denial of service. This vulnerability is also due to a NULL pointer dereference error. In this case, the error comes into play when handling HTTP requests for reserved MS-DOS device names. The flaw can be exploited to crash the NDS service, Secunia said.
The vulnerability has been confirmed in version 8.7.3 for Windows, and earlier versions may be affected. Novell has reportedly fixed the flaw in the current interim release of eDirectory 8.7.3.
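For administrators who front Windows-hosted Web services with a filter or proxy, the check below shows one way to refuse request paths that name a reserved MS-DOS device before they reach the service. It is an added example, not Novell's fix or code from the advisory; the function names and sample request targets are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Classic reserved DOS device names, which Windows resolves in any directory.
RESERVED_DEVICES = (
    {"CON", "PRN", "AUX", "NUL"}
    | {f"COM{n}" for n in range(1, 10)}
    | {f"LPT{n}" for n in range(1, 10)}
)


def reserved_device_in_segment(segment):
    """Return the device name a single path segment resolves to, or None."""
    # Win32 path handling has historically ignored trailing dots and spaces
    # and matched the device on the part before the first '.' or ':', so
    # "nul.txt", "aux:" and "com1 ." all count as device names.
    stem = re.split(r"[.:]", segment.rstrip(". "), maxsplit=1)[0]
    stem = stem.rstrip(" ").upper()
    return stem if stem in RESERVED_DEVICES else None


def find_reserved_device(request_target):
    """Return the first reserved device named in an HTTP request path, or None."""
    # Only the path can reach the file system; drop query string and fragment.
    path = request_target.split("?", 1)[0].split("#", 1)[0]
    path = unquote(path)  # decode once, as a server does before file access
    for segment in re.split(r"[/\\]", path):  # accept both separator styles
        device = reserved_device_in_segment(segment)
        if device:
            return device
    return None


# Constructed request targets (hypothetical, not taken from the advisory).
SAMPLES = [
    "/index.html",
    "/nds/AUX",
    "/files/nul.txt",
    "/a/%43ON",
    "/docs/console.html",
    "/contact?file=nul",
]

if __name__ == "__main__":
    for target in SAMPLES:
        hit = find_reserved_device(target)
        verdict = f"reject ({hit})" if hit else "allow"
        print(f"{target:22} -> {verdict}")
```

A filter like this limits exposure until the vendor update is applied; it does not replace it.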