Zero-day attacks target Microsoft Visual Studio

By Bill Brenner, Senior News Writer 01 Nov 2006 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

Attackers are actively exploiting a new zero-day flaw in Microsoft Visual Studio 2005, and the software giant has released a set of workarounds IT administrators can use to blunt the threat.

In the advisory posted on the company's TechNet Web site, Microsoft said it's investigating reports of a vulnerability in an ActiveX control that's part of Visual Studio 2005 on Windows. Attackers could exploit the flaw to run malicious code on targeted machines.

Zero-day attacks: AV upstarts tout need for speed in zero-day fight Microsoft Excel zero-day flaw discovered Zero-day flaws target 'safe' programs New Microsoft Word zero-day exploit discovered

"We are aware of proof-of-concept code published publicly and of the possibility of limited attacks that are attempting to use the reported vulnerability," Microsoft said. "Customers would need to visit an attacker's Web site to be at risk."

When the investigation is completed, Microsoft said it will take the appropriate action to help protect customers. "A security update will be released through our monthly release process or an out-of-cycle security update will be provided, depending on customer needs," the company said.

In its advisory on the threat, Danish vulnerability clearinghouse Secunia said the problem is an unspecified error in the WMI Object Broker ActiveX Control (WmiScriptUtils.dll).

Podcast: What is a zero-day exploit?

"Successful exploitation allows execution of arbitrary code when a user visits a malicious Web site using Internet Explorer," Secunia said. "The vulnerability is already being actively exploited."

The firm rated the flaw "extremely critical," its highest threat level. The rating is designated for remotely exploitable vulnerabilities that can lead to a full system compromise.

To blunt the threat, Microsoft recommends IT administrators take the following actions:

• Prevent the WMI scripting control from running in Internet Explorer.
• Configure Internet Explorer to prompt before running active scripting or disable Active scripting in the Internet and Local intranet security zone.
• Set Internet and Local intranet security zone settings to "high" to prompt before running ActiveX controls and active scripting in these zones.

Tags: Emerging Information Security Threats,  Web Browser Security,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Emerging Information Security Threats Modern malware, stealthy botnets, adapt quickly, expert says New ransomware Trojan pushes victims to buy software Bruce Schneier on outsourcing, awareness training US-CERT warns of BlackBerry snooping software Marcus Ranum on cyberwarfare, infosec careers Researchers find thousands of flawed embedded devices Enterprise botnets contain thousands of malware variants Nuke and pave to eradicate botnets Rand study urges caution on cyberwarfare attacks Hathaway joins Harvard to contribute to DOD project Web Browser Security Microsoft fixes security update that breaks Internet Explorer Mozilla update repairs Firefox buffer overflow vulnerabilities Kaspersky system analyzes malicious URLs on Twitter for malware Silon malware intercepts Internet Explorer sessions, steals credentials Do Facebook URL security concerns justify blocking social networks? Phishing attacks to remain a major problem, say security experts Adrian Perrig: Improve SSL/TLS Security Through Education and Technology New Bahama botnet evades search engines, fuels click fraud SANS: Application threats, website flaws pose biggest security threats Mozilla helps Adobe push out faster patches Web Browser Security Research

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary DNS rebinding attack  (SearchSecurity.com) drive-by pharming  (SearchSecurity.com) JavaScript hijacking  (SearchSecurity.com) man in the browser  (SearchSecurity.com) phlashing  (SearchSecurity.com) polymorphic malware  (SearchSecurity.com) pulsing zombie  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary