Security attention shifts to critical IE, Adobe flaws
Updated Friday, Aug. 19 to include Microsoft workarounds for the IE flaw and the latest on the Plug and Play attacks. As IT departments continue to grapple with malcode targeting Windows' Plug and Play flaw, vulnerability watchers are warning of fresh security holes in Internet Explorer and the widely used Adobe Acrobat and Reader programs. Word of a new critical and unpatched vulnerability in Microsoft's browser came by way of an advisory from the French Security Incident Response Team (FrSIRT). The organization warned that exploit code is already available. "This issue is due to a memory corruption error when instantiating the 'Msdds.dll' (Microsoft Design Tools Diagram Surface) object as an ActiveX control, which could be exploited by an attacker to take complete control of an affected system via a specially crafted Web page," the advisory said.
FrSIRT confirmed the flaw on a fully patched machine running Windows XP SP2, Internet Explorer 6 and Microsoft Office 2002. The advisory noted that the "Msdds.dll" library is installed with Microsoft Office and Visual Studio.
Microsoft offers workarounds
Fixes available for Adobe
Affected versions of Reader, the program used to view PDF files, are 5.1, 6.0 through 6.0.3 and 7.0 through 7.0.2; affected versions of Acrobat, which creates the files, are 5.0 through 5.0.5, 6.0 through 6.0.3 and 7.0 through 7.0.2. According to the company's advisory, a flaw in a core application plug-in could be exploited if a user is duped into opening a malicious PDF file. "If a malicious file were opened it could trigger a buffer overflow as the file is being loaded into Adobe Acrobat and Adobe Reader," Adobe said on its Web site. "A buffer overflow can cause the application to crash and increase the risk of malicious code execution." The vulnerabilities affect the Windows, Mac OS, Linux and Solaris versions of both products. The U.S. Computer Emergency Readiness Team (US-CERT), which operates out of the Department of Homeland Security, found the security holes serious enough to issue its own advisory.
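The pattern Adobe's advisory describes, a file parser that trusts a length read from the file while filling a fixed-size buffer, as an added illustration in C. This is example code written for this page, not Adobe's code and not the actual Acrobat flaw: the one-byte-length record format, the `plugin_state` layout, `NAME_MAX`, and the three input records are all constructed for the example. The unsafe loader guards the read but not the write; the hardened loader rejects any record whose declared length would not fit.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical fixed-size field inside a file-format plug-in (assumed size). */
#define NAME_MAX 16

/* Hypothetical in-memory state of the plug-in. The field after `name` stands
 * in for whatever an overrun clobbers in a real program: a saved return
 * address, a function pointer, a heap header. */
struct plugin_state {
    char name[NAME_MAX];
    uint32_t handler_id;
};

/* Constructed record format: one length byte, then that many name bytes. */
static const uint8_t benign_record[] = { 5, 'h', 'e', 'l', 'l', 'o' };
static const uint8_t oversized_record[] = { 19,
    'A','A','A','A','A','A','A','A','A','A','A','A','A','A','A','A','A','A','A' };
static const uint8_t truncated_record[] = { 10, 'x' };  /* claims 10 bytes, carries 1 */

/* Vulnerable form: checks that the record is long enough to read from, but
 * trusts the file's length byte when writing into the fixed-size `name`.
 * A declared length of NAME_MAX or more writes past the end of the array. */
int load_name_unsafe(struct plugin_state *st, const uint8_t *rec, size_t rec_len)
{
    if (rec_len < 1) return -1;
    size_t len = rec[0];
    if (1 + len > rec_len) return -1;       /* guards the read... */
    for (size_t i = 0; i < len; i++)        /* ...but not the write */
        st->name[i] = (char)rec[1 + i];
    st->name[len] = '\0';
    return 0;
}

/* Hardened form: the declared length must fit the record it came from AND the
 * destination buffer, with room for the terminator. */
int load_name_safe(struct plugin_state *st, const uint8_t *rec, size_t rec_len)
{
    if (rec_len < 1) return -1;
    size_t len = rec[0];
    if (1 + len > rec_len) return -1;       /* truncated record */
    if (len >= NAME_MAX) return -1;         /* would not fit with its terminator */
    memcpy(st->name, rec + 1, len);
    st->name[len] = '\0';
    return 0;
}

int main(void)
{
    struct plugin_state st;
    memset(&st, 0, sizeof st);
    st.handler_id = 0x1234;

    int rc = load_name_safe(&st, oversized_record, sizeof oversized_record);
    printf("safe loader, oversized record: rc=%d handler_id=0x%x\n", rc, st.handler_id);

    /* The unsafe loader writes 19 bytes plus a terminator into a 16-byte field.
     * In practice the bytes land on the adjacent handler_id, which no longer
     * reads 0x1234; this is the behaviour a crafted file exploits. */
    load_name_unsafe(&st, oversized_record, sizeof oversized_record);
    printf("unsafe loader, oversized record: handler_id=0x%x\n", st.handler_id);
    return 0;
}
```

The safe loader returns -1 for both the oversized and the truncated record and leaves `handler_id` untouched; the unsafe loader accepts the oversized record and overwrites it. The oversized record is sized so the overrun stays inside the struct for the demonstration; a real malicious file has no such courtesy, which is why Adobe describes the outcome as a crash at minimum and code execution at worst.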
Plug and Play attacks lead to spam uptick
To help infected IT shops clean up the mess, a Microsoft spokesperson said a no-cost, software-based cleaner tool is available to remove Zotob and its variants. Researchers from Alpharetta, Ga.-based security firm CipherTrust found that hackers were able to expand their botnets during the attack. In one case, an army of 2,000 zombie PCs grew to about 4,000 in a four-hour stretch. The firm said these expanded botnets have led to a 14% increase in spam traffic in the last 24 hours. Dmitri Alperovitch, a research engineer at CipherTrust, said zombie machines have been key to the fast spread of the Plug and Play worms, and that the botnet growth he saw this week was unlike anything he had ever seen.
Who's to blame?
Lynnfield, Mass.-based antivirus firm Sophos conducted a Web poll of more than 1,000 business users and found that 35% of respondents blamed Microsoft for the attacks because of its flawed software code. But another 45% said the virus writers deserve the most scorn, while 20% said their systems administrators didn't patch networks quickly enough. "The majority of users believe that the virus writer has to take the ultimate blame for deliberately creating and unleashing this worm to wreak havoc on poorly protected businesses," Graham Cluley, Sophos' senior technology consultant, said in a statement. "But what is most surprising is that so many people blame Microsoft for having the software flaw in the first place. Users' anger is perhaps understandable as Microsoft's security problems and their consequences are felt by businesses the world over. Many respondents appear to be incredibly frustrated by the constant need to roll out emergency patches across their organizations."
Know your environment
"From what I have seen and read there are still a lot of Windows 2000 systems out there," he said in an e-mail exchange. "It really doesn't surprise me that it took off. Most places won't patch that quickly and won't put in the effort to create defenses that mitigate the need for immediate patching, even though there are a lot of things that can be done to stop things like this from spreading. My favorite people are the ones that feel they are still beneath the radar." He added, "You can't patch immediately without testing it. No developer is perfect and a broken patch can cause problems." He said companies have to do at least one of two things to keep up with the malcode writers:
1.) Shorten the patch cycle. "If a new critical patch comes out it needs to be tested and ready for deployment within 24 hours or you're probably not going to be protected when the next worm comes out," he said. "This requires a lot of coordination and may require a lot of coffee."
2.) Spend more time up-front learning your network and implementing better security. "A lot can be done to mitigate the attacks before they reach the vulnerable systems," he said. "This buys you time to test the patch."