The big news this afternoon is that Microsoft HAS gone out of the routine patch cycle to release a security fix for the VML vulnerability that’s been actively exploited in recent days for everything from sneaky keylogger installs to massive spyware installs. SANS has a few links. If you de-registered the affected DLL, you should consider re-registering it so that you’ll be able to view and access VML content in the future. Here’s Microsoft’s TechNet Security Bulletin on the matter. (Visit update.microsoft.com if it’s not automatically downloaded for you.) It should be noted that the RC of IE 7 was not affected by this vulnerability.
Tag: Brian Krebs
-
Update on the Internet Explorer VML vulnerability
Just catching up on the day’s VML vulnerability news…. It looks as though the exploit is now MUCH more widespread. This blog has some video of an infection; what’s notable is that the first take was VERY UNEVENTFUL: it was used to stealthily install a keylogger. (So that they can harvest PayPal/bank/etc. passwords…) So, there might not be a big red “you’re owned” sign popping up. Sunbelt reported on a test page to visit to see if you’re vulnerable. The direct link is http://www.isotf.org/zert/testvml.htm (Will crash IE if it’s vulnerable.)
-
Apple MacBook Pro and other wireless fixes
Do you remember the big brouhaha a month or so back about the “Apple wireless vulnerability” that everybody picked apart because in the videotaped demonstration they used a third-party card? EVEN though the demonstrators stated that the same vulnerability existed in Apple’s own driver, some on the internet tore one reporter up over stating that, because Apple denied being shown exploit code (slight semantic issue there…). Well… those driver vulnerabilities that must not have existed were fixed today by Apple. Brian Krebs has the story, as does incidents.org.
-
Being cautious with web links
Once upon a time the bad payload of a malicious email was its attachment. That still happens, but in many cases the links are the real lure – like a worm dangled in the water in front of a hungry fish…. The links, though, hide a danger on the other side…. the hook in our analogy. Brian Krebs writes about a utility called linkscanner that scans a given link to see if it’s hosting malware. It’s from a place called Exploit Prevention Labs. I don’t know that I’d trust it completely as a safety net, but it might be worthwhile as another level in the defences.
-
More Microsoft Patch problems MS06-042
This has been one of the “problem child” patches this time around and it looks as though it’s worse than initially thought. Apparently, instead of “just” crashing IE SP1 when viewing compressed HTTP 1.1 web pages on WinXP SP1 or Windows 2000 SP4, as stated in Microsoft’s bulletins, this could also lead to a buffer overflow allowing for code execution. Microsoft is saying that they are not aware of that vulnerability being exploited or impacting customers at this time. The issue that was originally reported is detailed in this knowledge base article.
-
MS06-040 update
MS06-040 is one of last week’s Windows updates and is the one that was probably the biggest target for “wormable” activity. There’s a good deal of news from over the weekend with regard to this. First, there are Snort signatures; the MS06-040 exploit was spotted actively “in the wild”; and of course, our perennial friends in the spamming world didn’t waste much time in making use of this one.
-
Phishing – so many flaws to exploit so little time
In the last week there was a well-documented writeup of a cross-site scripting vulnerability which had allowed a phisher to pose as a PayPal login with THE LEGIT PAYPAL SSL CERTIFICATE…. Brian Krebs at the Security Fix has some details on some of the new and interesting ways phishers are trying to separate us from our personal information.
-
How embarrassing… Computer security firm’s database hacked
The Washington Times has a story from Brian Krebs of their Security Fix blog about …
Guidance Software — the leading provider of software used to diagnose hacker break-ins — has itself been hacked, resulting in the exposure of financial and personal data connected to thousands of law enforcement officials and network-security professionals.
-
Free personal firewalls for Windows will be a bit scarcer
It’s too bad that Symantec will be killing off a free personal firewall. I guess they didn’t like supporting competition for their (large) Internet Security with included firewall… About three months ago, Symantec bought Sygate, who made Sygate Pro and the free Sygate personal firewall. Both the Pro and the free version will get the ax, from what it looks like…
-
Brian Krebs talks to the FBI on cybercrime
Just found this interesting post at the Security Fix. It seems Brian has had a chance to ask a question of FBI director Robert Mueller and to speak with the assistant director in the Cyber Division. There are some interesting answers to his questions.