Security Bytes: New Microsoft exploits in the wild

Johannes Ullrich, chief research officer of the Bethesda, Md.-based SANS ISC, said via email that the issue involving the flaw patched in MS06-036 is likely the most dangerous of the set.

"It would attack a client as it boots and attempts to connect to a DHCP server to obtain an IP address. The 'PoC' exploit released would add a new user to the system," Ullrich said. "There is no good defense against this issue -- other than patching -- in particular if you have to work in public networks."

However, he added, the exploit process is cumbersome, rebooting a PC a few times until it manages to work.

Ullrich said the issue involving MS06-035 has some worm potential, but a basic firewall should keep end-users protected. It could be used once inside a network to spread a bot internally.

He said the exploit involving the flaw in MS06-034 is likely the least severe. "It would require a user to upload a corrupt ASP page to a server. So an attacker would first need a valid user account on the system. This problem could be dangerous for users of shared web hosting environments," Ullrich said.

Sources have reported that exploit code for two of the flaws, MS06-034 and MS06-036, has been posted to the Milw0rm.com Web site.

"If you haven't already patched for these vulnerabilities," said SANS handler Donald Smith, "you should take immediate action."

Oracle for OpenView flaws discovered
The French Security Incident Response Team (FrSIRT) has reported multiple high-risk flaws in Oracle for OpenView, a data repository for Hewlett-Packard Co.'s OpenView systems management platform, created using a number of Oracle Enterprise Server and Oracle tools.

"These issues could be exploited by remote or local attackers to cause a denial of service, execute arbitrary commands, read and overwrite arbitrary files, disclose sensitive information, conduct SQL injection attacks or bypass certain security restrictions," FrSIRT said.

Affected Oracle for OpenView versions include 8.1.7, 9.1.01 and 9.2. The issues can be rectified by applying the fixes that Oracle released earlier this month in its most recent quarterly Critical Patch Update (CPU).

Firefox keystroke logger is on the loose
Mozilla Firefox users are warned to be on the lookout for instances of the FormSpy Trojan, instances of which are reported to be circulating in the wild.

Avert Labs Blog, said the low-risk issue was discovered Monday. It installs itself as a Firefox component extension and will forward data that a user submits via the browser to a malicious Web site.

"Upon successful execution, FormSpy hooks mouse and keyboard events," said McAfee's Geok Meng Ong. "It can then forward information such as credit card numbers, passwords and URLs typed in the browser to a malicious Web site hosted at IP address 81.95.xx.xx."

McAfee said the installer was heuristically detected as New.Malware.ag, but has also been discovered as Downloader-AXM. It may be installed by visiting a malicious Web page with no user interaction.

"Mozilla Firefox users should exercise caution in downloading and installing unsigned extension components from unreliable sources," McAfee said.

Tags: Application Attacks (Buffer Overflows, Cross-Site Scripting),  Database Security Management,  Web Browser Security,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Application Attacks (Buffer Overflows, Cross-Site Scripting) Adobe warns of critical update for Reader, Acrobat 9.1.3 9 Ways to Improve Application Security After an Incident Developers Need Help with Security Errors Buffer overflow tutorial: How to find vulnerabilities, prevent attacks SQL injection protection: A guide on how to prevent and stop attacks Experts rebuke programmers who use SQL injection as feature SANS: Application threats, website flaws pose biggest security threats Mozilla helps Adobe push out faster patches SSH key compromise shuts down Apache website IBM finds sharp spike in malicious content on trusted sites Application Attacks (Buffer Overflows, Cross-Site Scripting) Research Database Security Management What is the best database patch management process? Unpatched vulnerability discovered in Microsoft SQL Server SQL injection continues to trouble firms, lead to breaches Oracle issues quarterly patches, fixes database flaws Database monitoring, encryption vital in tight economy, Forrester says Oracle to buy Sun Microsystems for $7.4 billion Oracle issues 43 updates, fixes serious database flaws Imperva assigns security risk levels to databases How to create configuration management plans to install DLP Information security book excerpts and reviews Database Security Management Research Web Browser Security Microsoft fixes security update that breaks Internet Explorer Mozilla update repairs Firefox buffer overflow vulnerabilities Kaspersky system analyzes malicious URLs on Twitter for malware Silon malware intercepts Internet Explorer sessions, steals credentials Do Facebook URL security concerns justify blocking social networks? Phishing attacks to remain a major problem, say security experts Adrian Perrig: Improve SSL/TLS Security Through Education and Technology New Bahama botnet evades search engines, fuels click fraud SANS: Application threats, website flaws pose biggest security threats Mozilla helps Adobe push out faster patches Web Browser Security Research

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary buffer overflow  (SearchSecurity.com) cache poisoning  (SearchSecurity.com) cyberterrorism  (SearchSecurity.com) dictionary attack  (SearchSecurity.com) directory harvest attack  (SearchSecurity.com) distributed denial-of-service attack  (SearchSecurity.com) JavaScript hijacking  (SearchSecurity.com) ping of death  (SearchSecurity.com) stack smashing  (SearchSecurity.com) SYN flooding  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary