Wednesday, April 11, 2012

Windows: Security Issues Again


Zero-Day Flaw in Windows Apps Since Early 2000's

Zero-Day Exploit:

A Zero-Day Exploit means that you turn-on or install software - you are vulnerable. Most PC's shipped applications bundled like MS Office on PC's, right out of the factory. Microsoft posted a security bulletin in April regarding some vulnerabilities.

Exploit Description:

The Register writes:

One of the four critical patches in the batch – MS12-027 – addresses an Active X issue that impacts numerous application and creates a mechanism to drop malware onto vulnerable Windows systems.

Microsoft warned of attacks in the wild against the zero-day flaw, which affects an unusually wide range of Microsoft products and Microsoft users. Applications affected include Office 2003 through 2010 on Windows; SQL Server 2000 through 2008 R2; BizTalk Server 2002; Commerce Server 2002 through 2009 R2; Visual FoxPro 8; and Visual Basic 6 Runtime.
And quotes:

"Attackers have been embedding the exploit for the underlying vulnerability CVE-2012-0158 into an RTF document and enticing the target into opening the file, most commonly by attaching it to an email," Wolfgang Kandek CTO at security services firm Qualys explains. "Another possible vector is through web browsing..."
Scope:

Basically, if you have a MS Windows platform with any Microsoft Application (i.e. Works, Office, Internet Explorer, etc.) - you are vulnerable... and Microsoft is warning users that attacks will begin to surge in the next 30 days, while people have not yet patched their system.

This thing has been around a decade, a facility provided by the OS, and embedded into applications on nearly every Windows based server and/or desktop on the internet. A patch is available now, but another issue recently uncovered will not be fixed until next month.

By the way, If you are a Windows, Apple, or Linux user - Adobe Acrobat Reader needs some patching, too.

If you are a Solaris client user, your system should be fine.


Nightmare Scenario:

We just discussed several days back about an Apple vulnerability due to a third-party Java exploit. This one is due to a competing Microsoft Technology called "Active-X".

Welcome to the proverbial nightmare scenario for network managers - every system, everywhere, must be patched immediately, because of OS based issues with nearly every business and consumer application. Don't delay!

No comments:

Post a Comment