Network and Computer Security

A vulnerability has been reported in Microsoft XML Core Services, which can be exploited by malicious people to compromise a users system.

The vulnerability is caused due to an unspecified error in the XMLHTTP 4.0 ActiveX Control.

Successful exploitation allows execution of arbitrary code when a user e.g. visits a malicious website using Internet Explorer.

Microsoft Advisory & Suggested Workarounds: http://www.microsoft.com/technet/security/advisory/927892.mspx

Microsoft today released ten patches to fix at least 26 separate security holes, including a whopping 16 flaws in Microsoft Office and its constituent apps.

According to Washingtonpost.com’s Security Fix blog, this is the most number of patches ever released by Redmond outside of a Windows service pack.
Also of note, six of today’s updates apply to fully patched Windows XP systems, and two of the flaws are actually present in Windows Vista.

Less than 1 month after the discovery of a very serious vulnerability in Internet Explorer, EEyes has just published an advisory concerning a very similar (through different) vulnerability in the lastest IE.

Here’s the overview:

“eEye Digital Security has discovered a second heap overflow vulnerability in the MS06-042 cumulative Internet Explorer update that would allow an attacker to execute arbitrary code on the system of a victim who attempts to access a malicious URL. Windows 2000, Windows XP SP1, and Windows 2003 SP0 systems running Internet Explorer 5 SP4 or Internet Explorer 6 SP1, with the MS06-042 patch applied, are vulnerable; unpatched and more recent versions of Internet Explorer are not affected.”

The actual problem lies in URLMON.DLL, here’s a link to the full advisory.

Michael Sutton has up an interesting post on the security vulnerabilities that we really need to be concerned about.

According to Sutton, it’s not the new ones that are scary, it’s the old ones that have long since been forgotten.

He illustrates his point by walking through an example where he uses Google and Yahoo! to identify 50 web servers that are wide open to attack. The list includes an ivy league school, various colleges and a company traded on the NYSE. Definately a must-read and very well documented article!

Just as if we needed that, a new polymorphism technique allows viruses on AMD-64 processors to be even harder to detect.

“The virus, dubbed W64.Bounds, is not spreading in the wild, but was submitted as a proof of concept to antivirus researchers. The program is not easy to detect because it encrypts itself using a new algorithm and exploits a Windows feature available only on AMD64 systems to control execution”, Peter Ferrie, senior antivirus researcher for Symantec, said.

See the full article on SecurityFocus.

Just as Microsoft released on August 8th an IE 6 update to fix multiple vulnerabilities (See Microsoft Security Bulletin MS06-042), the NSFocus security team has found this update does introduce a new vulnerability.

This vulnerability can be exploited remotely by sending an overly-long URL to the browser.

This issue has been assigned the name: CVE-2006-3869

See here for the full details: NSFOCUS Security Advisory (SA2006-08)

See here for the advisory from microsoft and the updated patch: Microsoft Security Bulletin MS06-042.

The last Microsoft Office version appears to contain lots of vulnerabilities; so much in fact that many experts fear a new macro-virus like Melissa is quite likely to appear very soon.

Since the end of 2005, about 20 vulnerabilities have been found in Office; that’s more than enough for the virus and worm writers out there to find an easy to exploit one and to take over all the machines with the lastest Office (Word, Excel, PowerPoint, Outlook, and, for professional users, Access) installed.

The problem is even more accute that in takes an average of 4 months to Microsoft to issue patches fixing security problems; so as the number of known vulnerabilities increases tons of systems remain vulnerable.

Read more here: Flaw finders lay siege to Microsoft Office

We’re all wondering which antivirus is the best one to protect our servers.

The guys from Nephentes wondered the same thing and took the time to submit a sample of 4987 viruses to 14 antivirus softwares running on *nix platforms (some free some not).

The full study is here, but if you’re impatient here’s the summary:

(Note: the ‘Trend’ percentage is the variation between the current test and the previous one)