Tag Archive: zero-day

Microsoft warns of new zero-day exploit for Internet Explorer

Posted Mar.10, 2010 under Microsoft, Windows

Microsoft has posted a new warning about an exploit that affects its Internet Explorer browser.  The zero-day vulnerability, which is already being exploited in the wild, allows for malicious users to install malware on a vulnerable machine.

According to CRN.com, the vulnerable “systems include Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4, and Internet Explorer 6 and Internet Explorer 7. However, Microsoft said that so far, Internet Explorer 8 and Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4 are not affected.”

The exploit occurs when there is an invalid pointer reference.  This reference could allow for malicious users to install and launch malware when the object reference is deleted. Microsoft said that the current attacks appear to be targeted but they are currently working towards a fix.

For any user that is still using a legacy version of Internet Explorer, this is one more compelling reason to upgrade your version to IE 8.  By upgrading to IE 8, you are removing one more potential exploit that could allow malware to be installed on your machine.

Tags: , ,
Leave a Comment

Adobe won’t patch public zero-day exploit until Jan 12

Posted Dec.18, 2009 under Apple/Mac, Linux, Windows

Adobe is set to release a patch in their next quarterly security update that will address a zero-day exploit. The exploit has already been publicly released and can infect users through javascript in Adobe Acrobat and Reader version 9.2 and lower, mentioned in the Security Advisory – APSA09-07.

Adobe has addressed this issue and will ready a patch in their next product patch cycle, coming on January 12, 2010. The issue effects all versions of Adobe Reader and Acrobat 9.2 and lower on Windows, Mac and Linux systems.

The risk of infection is still very low and does not pose a huge threat to users, however the potential danger of a hacker shutting down your system, and compromising your computer is possbile, but unlikely.

Adobe has mentioned that if users are worried of being compromised, that they should disable javascript until the fix is released in a few weeks. Adobe did release a temporary fix for users, which will populate the javascript Blacklist Framework, modifying the users registry settings – something that will be fixed when the patch is released.

Windows users can download and install this temporary fix from Adobe. Mac and Linux users will need to follow the steps on the Macromedia website.

Download: Adobe Windows Patch

Tags: , , , , ,
2 Comments

Microsoft investigating zero-day Windows 7 hole

Posted Nov.13, 2009 under Microsoft, Windows 7

Microsoft confirmed to Cnet News that it is looking into a report of a vulnerability in Windows 7 and Server 2008 R2 that could be used by a malicious attacker to remotely crash PCs.

The software giant is looking into claims of a “possible denial-of-service vulnerability in Windows Server Message Block (SMB),” a Microsoft spokesperson confirmed. Security researcher Laurent Graffie published proof of concept code in a blog posting proclaiming “This bug is a real proof that SDL #FAIL”. Laurent also added “the bug is so noob, it should have been spotted 2 years ago by the SDL if the SDL had ever existed.”

The flaw kicks off an endless loop on the Server Message Block (SMB) protocol used for sharing files in Windows. The vulnerability report came a day after Microsoft’s patch Tuesday for November. The software company released six patches to fix 15 vulnerabilities across different versions of Windows and Office.

Tags: , , , ,
Leave a Comment

Enter your email address:

Delivered by FeedBurner