September 19, 2006 | Comments: (0)
New IE zero day being exploited in the wild
FrSIRT announces new IE zero day in the wild.
FrSIRT says here that "A vulnerability has been identified in Microsoft Internet Explorer, which could be exploited by remote attackers to crash a vulnerable browser or take complete control of an affected system. This flaw is due to a buffer overflow error when processing Vector Markup Language (VML) documents containing a "rect" shape with an overly long "fill" attribute, which could be exploited by attackers to cause a denial of service or execute arbitrary commands by convincing a user to visit a malicious Web page.
FrSIRT has confirmed this vulnerability on a fully patched Windows XP SP2 system. This issue is currently being exploited in the wild by malicious web sites.
Solution: Disable Active Scripting in the Internet and Local intranet security zones.
--------
They also report yet another PowerPoint zero day.
---------
Update: My friends Jesper Johansson and Alun Jones have developed two custom security templates to turn off VML support in IE until Microsoft patches it. Click here.
-----------------Update on 9-23-06
Jesper created a new GPO startup script to handle both critical IE zero day vulnerabilities. It's an excellent script. If you are new to pushing scripts using GPOs, this is a good one to learn with.
http://msinfluentials.com/blogs/jesper/archive/2006/09/22/More-options-on-protecting-against-the-VML-vulnerability-on-a-domain.aspx
Posted by Roger Grimes on September 19, 2006 05:12 AM
September 13, 2006 | Comments: (0)
New IE zero day exploit released today.
Overflows daxctle.ocx ActiveX control. Works against IE 6 and XP SP2. I haven't tested against IE 7, yet, but it might fail because IE 7 handles ActiveX controls differently.
Click here to view C code.
Posted by Roger Grimes on September 13, 2006 06:19 PM
September 11, 2006 | Comments: (0)
MS06-049 causing data corruption problems
Slashdot is reporting that Microsoft's MS06-049 patch is causing data corruption.
If you have compression activated on any folder, then the compressed data is at risk from corruption. New files that are close to a multiple of 4K in size will have their last 4,000 bytes or so overwritten with 0xDF.
Complete story here.
Thanks to friend Susan Bradley for the hint.
9-15-06 Update:
Microsoft acknowledges the bug and offers a fix.
9-12-06 Update: Taken from a public mailing list:
Microsoft Support confirmed Hotfix 920958 is bad.
"We are aware of the issue you are experiencing. A corresponding bugcheck request is currently open, and the develop team is working on this issue. However, the hotfix for this issue is not ready.
0xDF is the data pattern that NTFS returns when it has a problem decompressing the file (e.g. the compression fragments are corrupted and can't be decompressed). Based on my research, the actual raw data on the disk is not changed, it shows as 0xDF because the system cannot decompress the file and display the data correctly. So the corruption is not permanent.
Furthermore, the issue only occurs on files which contain Hexadecimal codes."
Posted by Roger Grimes on September 11, 2006 02:42 PM
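
A read-only sweep for the symptom described in the MS06-049 post above, added here as an example and not taken from Microsoft or from the original post: it walks a folder and reports files whose size is close to a multiple of 4K and whose tail reads back as a run of 0xDF bytes. The 256-byte slack, the 1024-byte minimum run and all function names are assumptions.

```python
import os
import tempfile

FILL = 0xDF      # byte the post says appears at the end of affected files
CLUSTER = 4096   # "multiple of 4K"
SLACK = 256      # assumption: how close to a 4K multiple counts as "close"
MIN_RUN = 1024   # assumption: shortest trailing run worth reporting

def trailing_fill_run(path, window=2 * CLUSTER):
    """Length of the run of FILL bytes at the end of the file (last `window` bytes only)."""
    size = os.path.getsize(path)
    with open(path, "rb") as fh:
        fh.seek(max(0, size - window))
        tail = fh.read()
    return len(tail) - len(tail.rstrip(bytes([FILL])))

def near_cluster_multiple(size):
    """True when size is within SLACK bytes of a non-zero multiple of 4K."""
    if size < CLUSTER - SLACK:
        return False
    rem = size % CLUSTER
    return min(rem, CLUSTER - rem) <= SLACK

def scan(root):
    """Walk root; return sorted (path, size, run) for files matching the symptom."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                size = os.path.getsize(path)
                run = trailing_fill_run(path)
            except OSError:
                continue  # unreadable file: skip it, keep sweeping
            if run >= MIN_RUN and near_cluster_multiple(size):
                hits.append((path, size, run))
    return sorted(hits)

def demo():
    """Constructed sample: one clean file, one whose last 4000 bytes are 0xDF."""
    root = tempfile.mkdtemp()
    with open(os.path.join(root, "clean.bin"), "wb") as fh:
        fh.write(b"A" * 8192)
    with open(os.path.join(root, "damaged.bin"), "wb") as fh:
        fh.write(b"A" * 4192 + bytes([FILL]) * 4000)
    return [(os.path.basename(p), s, r) for p, s, r in scan(root)]

if __name__ == "__main__":
    print(demo())
```

A hit is a candidate, not proof: a file can legitimately end in 0xDF bytes, so compare flagged files against a known-good copy or backup.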