Security Bytes: New Microsoft exploits in the wild

Johannes Ullrich, chief research officer of the Bethesda, Md.-based SANS ISC, said via email that the issue involving the flaw patched in MS06-036 is likely the most dangerous of the set.

"It would attack a client as it boots and attempts to connect to a DHCP server to obtain an IP address. The 'PoC' exploit released would add a new user to the system," Ullrich said. "There is no good defense against this issue -- other than patching -- in particular if you have to work in public networks."

However, he added, the exploit process is cumbersome, rebooting a PC a few times until it manages to work.

Ullrich said the issue involving MS06-035 has some worm potential, but a basic firewall should keep end-users protected. It could be used once inside a network to spread a bot internally.

He said the exploit involving the flaw in MS06-034 is likely the least severe. "It would require a user to upload a corrupt ASP page to a server. So an attacker would first need a valid user account on the system. This problem could be dangerous for users of shared web hosting environments," Ullrich said.

Sources have reported that exploit code for two of the flaws, MS06-034 and MS06-036, has been posted to the Milw0rm.com Web site.

"If you haven't already patched for these vulnerabilities," said SANS handler Donald Smith, "you should take immediate action."

Oracle for OpenView flaws discovered
The French Security Incident Response Team (FrSIRT) has reported multiple high-risk flaws in Oracle for OpenView, a data repository for Hewlett-Packard Co.'s OpenView systems management platform, created using a number of Oracle Enterprise Server and Oracle tools.

"These issues could be exploited by remote or local attackers to cause a denial of service, execute arbitrary commands, read and overwrite arbitrary files, disclose sensitive information, conduct SQL injection attacks or bypass certain security restrictions," FrSIRT said.

Affected Oracle for OpenView versions include 8.1.7, 9.1.01 and 9.2. The issues can be rectified by applying the fixes that Oracle released earlier this month in its most recent quarterly Critical Patch Update (CPU).

Firefox keystroke logger is on the loose
Mozilla Firefox users are warned to be on the lookout for instances of the FormSpy Trojan, instances of which are reported to be circulating in the wild.

Avert Labs Blog, said the low-risk issue was discovered Monday. It installs itself as a Firefox component extension and will forward data that a user submits via the browser to a malicious Web site.

"Upon successful execution, FormSpy hooks mouse and keyboard events," said McAfee's Geok Meng Ong. "It can then forward information such as credit card numbers, passwords and URLs typed in the browser to a malicious Web site hosted at IP address 81.95.xx.xx."

McAfee said the installer was heuristically detected as New.Malware.ag, but has also been discovered as Downloader-AXM. It may be installed by visiting a malicious Web page with no user interaction.

"Mozilla Firefox users should exercise caution in downloading and installing unsigned extension components from unreliable sources," McAfee said.

Tags: Application Attacks (Buffer Overflows, Cross-Site Scripting),  Database Security Management,  Web Browser Security,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Application Attacks (Buffer Overflows, Cross-Site Scripting) Adobe ColdFusion websites being compromised PCI management: The case for Web application firewalls Month of Twitter Bugs project to document Twitter flaws Adobe issues first quarterly patch release fixing 13 flaws Balancing security and performance: Protecting layer 7 on the network Adobe issues Reader update fixing zero-day flaw The Pipe Dream of No More Free Bugs Security Squad: Federal cybersecurity defenses Oracle issues 43 updates, fixes serious database flaws Attackers target new Microsoft PowerPoint zero-day flaw Application Attacks (Buffer Overflows, Cross-Site Scripting) Research Database Security Management Oracle to buy Sun Microsystems for $7.4 billion Oracle issues 43 updates, fixes serious database flaws Information security book excerpts and reviews Kaspersky website hacked multiple times, expert says Kaspersky website hacked, customer activation codes exposed SQL injection attacks targeting Flash, JavaScript errors Fuzzing tool helps Oracle DBAs defend against SQL injection Oracle extends Audit Vault third-party database compatibility When should a database application be placed in a DMZ? Oracle patches dangerous WebLogic, Secure Backup vulnerabilities Database Security Management Research Web Browser Security Researchers to demonstrate new EV SSL man-in-the-middle hacks Security researchers develop browser-based darknet Microsoft cracks down on click fraud ring Mozilla patches 11 Firefox security flaws, JavaScript errors Microsoft patches WebDAV security vulnerability in bevy of updates IT pros can detect, prevent website vulnerabilities, thwart attacks Stolen FTP credentials likely in massive website attacks Trust eroding as social engineering attacks climb in 2009, says Kaspersky expert US-CERT warns of Gumblar, Martuz drive-by exploits Google study backs browser silent auto update feature Web Browser Security Research

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary buffer overflow  (SearchSecurity.com) cache poisoning  (SearchSecurity.com) cyberterrorism  (SearchSecurity.com) dictionary attack  (SearchSecurity.com) directory harvest attack  (SearchSecurity.com) distributed denial-of-service attack  (SearchSecurity.com) JavaScript hijacking  (SearchSecurity.com) ping of death  (SearchSecurity.com) stack smashing  (SearchSecurity.com) SYN flooding  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary