Category Archives: Vulnerabilities

Attacks exploiting RealPlayer zero-day in progress

Filed under Vulnerabilities

Yet another example of vulnerabilities in client software (i.e. drive-by downloads), which is a huge attack vector. I can’t remember when the last remotely exploitable vulnerability was. As usual, IE ActiveX is to blame (when running RealPlayer 10.5 or 11 beta). Below is an article about the vulnerability:

Attacks exploiting RealPlayer zero-day in progress

Security Focus BID here.

Patch located here.

If you haven’t already, here is a reminder: stop using IE and use Firefox or another non-ActiveX browser. You may also want to disable ActiveX even if you don’t use IE on your Windows PC, to mitigate the potential risk of future exploits.

Automate the workaround for the critical Adobe Security Vulnerability

Filed under Vulnerabilities

If you haven’t heard…there is a critical security vulnerability that affects Adobe Acrobat and Adobe Reader, versions 8.1 and below.
See Adobe Security Advisory APSA07-04 and CVE-2007-5020.

According to the Adobe Security Advisory, your machine is vulnerable if you have:

* Adobe Reader 8.1 and earlier OR Adobe Acrobat 8.1 and earlier
* Windows XP
* Internet Explorer 7

Javacool Software has a nice little tool that implements the workaround mentioned in the Adobe security advisory here.

Cross-site scripting the top security risk

Filed under Vulnerabilities

Looks like XSS is becoming the latest threat vector. No surprise here. Webmasters…keep your sites patched!

Cross-site scripting the top security risk – Network World

MS06-042 Related Internet Explorer ‘Crash’ is Exploitable

Filed under Vulnerabilities

This is a nice surprise from Microsoft! The patch to fix an exploit causes a crash that is itself exploitable! (Say that fifty times in a row.) What to do?

– Windows XP: Make sure you are on XP Service Pack 2. SP2 is not vulnerable. Or, disable HTTP1.1 functionality.

– Windows 2000 IE SP1: Disable HTTP1.1 functionality or better yet, upgrade to XP w/SP2.

Hopefully Microsoft releases a patch for the patch soon!

SecuriTeam – MS06-042 Related Internet Explorer ‘Crash’ is Exploitable

MacBook Wi-Fi hack didn’t use Apple drivers

Filed under Vulnerabilities

So the truth comes out…here is a great quote from the article:

“Despite SecureWorks being quoted saying the Mac is threatened by the exploit demonstrated at Black Hat, they have provided no evidence that in fact it is,” Apple Director of Mac PR, Lynn Fox, told Macworld. “To the contrary, the SecureWorks demonstration used a third party USB 802.11 device–not the 802.11 hardware in the Mac–a device which uses a different chip and different software drivers than those on the Mac. Further, SecureWorks has not shared or demonstrated any code in relation to the Black Hat-demonstrated exploit that is relevant to the hardware and software that we ship.”

So much for credibility huh?

Macworld: News: MacBook Wi-Fi hack didn’t use Apple drivers

Mocbot Spam Analysis

Filed under Vulnerabilities

LURHQ once again has done a very good, detailed analysis of how the latest Mocbot (which exploits the MS06-040 vulnerability) works. It is also a good overview of how bots, botnets, and botherders control thousands of zombie machines to do their bidding. It also shows you how security researchers spy on the botherders to learn how these bots work. Be careful, though: you could get DDoSed!

LURHQ – Mocbot Spam Analysis

Mocbot/MS06-040 IRC Bot Analysis

Filed under Vulnerabilities

LURHQ has released a very good analysis of the MS06-040 IRC Bot which started exploiting vulnerable systems this weekend. You can view the analysis at the LURHQ website. SANS also has a very good article on some steps to take to block or detect this on your network. Note the following:

– Look out for laptops coming back into your internal network. Telecommuters who VPN in from home and then come back to the corporate network could be vulnerable if not patched.

– Outgoing traffic to port 18067/TCP.

– Outgoing traffic to port 445/TCP (scans could be internal and external) looking for computers to infect.

– Anti-virus vendors may not be up-to-date with definitions so patching is your best defense right now.
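Added example (not code from LURHQ or SANS): a small Python checker that applies the two network indicators listed above to constructed firewall-style log lines in a hypothetical whitespace-separated format, flagging any host that connects outbound on 18067/TCP or touches several distinct hosts on 445/TCP. The scan threshold and the log format are assumptions.

```python
"""Flag the MS06-040/Mocbot network indicators from the SANS note above.
Added example, not LURHQ or SANS code. Hypothetical log format per line:
"<timestamp> <src_ip> <dst_ip> <dst_port> <proto>"."""
from collections import defaultdict

MOCBOT_PORT = 18067   # outbound TCP port listed in the post
SMB_PORT = 445        # port the bot scans looking for hosts to infect
SCAN_THRESHOLD = 5    # assumption: distinct 445/TCP targets that count as a scan

# Constructed sample log lines: 10.1.1.5 scans six hosts on 445 then reaches
# out on 18067; 10.1.1.7 is normal file-server use; 10.1.1.9 is UDP, not TCP.
SAMPLE_LOG = """\
2006-08-13T10:00:01 10.1.1.5 10.1.1.20 445 TCP
2006-08-13T10:00:02 10.1.1.5 10.1.1.21 445 TCP
2006-08-13T10:00:02 10.1.1.5 10.1.1.22 445 TCP
2006-08-13T10:00:03 10.1.1.5 10.1.1.23 445 TCP
2006-08-13T10:00:03 10.1.1.5 10.1.1.24 445 TCP
2006-08-13T10:00:04 10.1.1.5 10.1.1.25 445 TCP
2006-08-13T10:00:10 10.1.1.5 203.0.113.9 18067 TCP
2006-08-13T10:01:00 10.1.1.7 10.1.1.2 445 TCP
2006-08-13T10:01:05 10.1.1.7 198.51.100.4 80 TCP
2006-08-13T10:02:00 10.1.1.9 203.0.113.9 18067 UDP
"""

def parse_line(line):
    ts, src, dst, port, proto = line.split()
    return {"ts": ts, "src": src, "dst": dst, "port": int(port), "proto": proto}

def find_mocbot_indicators(log_text, scan_threshold=SCAN_THRESHOLD):
    """Return {src_ip: [reasons]} for hosts matching either indicator."""
    findings = defaultdict(set)
    smb_targets = defaultdict(set)   # src -> distinct hosts it touched on 445
    for line in filter(str.strip, log_text.splitlines()):
        rec = parse_line(line)
        if rec["proto"] != "TCP":
            continue   # both indicators in the post are TCP only
        if rec["port"] == MOCBOT_PORT:
            findings[rec["src"]].add("outbound 18067/TCP")
        elif rec["port"] == SMB_PORT:
            smb_targets[rec["src"]].add(rec["dst"])
    for src, targets in smb_targets.items():
        if len(targets) >= scan_threshold:
            findings[src].add(f"445/TCP scan of {len(targets)} hosts")
    return {src: sorted(reasons) for src, reasons in findings.items()}

if __name__ == "__main__":
    for src, reasons in find_mocbot_indicators(SAMPLE_LOG).items():
        print(src, "->", "; ".join(reasons))
```

A single connection to a file server on 445 (10.1.1.7) stays below the threshold, so only the scanning host is reported.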

eEye Releases Free MS06-040 Scanner

Filed under Vulnerabilities

eEye has just released a free MS06-040 vulnerability scanner for you network admins out there. It will tell you which machines are vulnerable. It comes in 16-IP and 256-IP versions. This might come in handy if you need to quickly audit a network for vulnerable systems.

Network Security | IT Security | Vulnerability Assessment | Intrusion Prevention

Microsoft Bracing for Worm Attack

Filed under Vulnerabilities

I guess it is just a matter of time: a worm is about to be released, we can all feel it coming. A new module has even been released, so now the script kiddies can have some fun too. By the way, if you haven’t patched yet, patch for it now!

Slashdot | Microsoft Bracing for Worm Attack

MS06-040 = Patch now!

Filed under Vulnerabilities

Microsoft patch Tuesday brings us another very critical vulnerability that needs to be patched ASAP! This one has the potential to be developed into a huge worm:

SANS – Internet Storm Center – Cooperative Cyber Threat Monitor And Alert System

Note: Even though this article says Windows SP2 can block this, patching should still occur regardless!