The last zero day (ActiveX) seems to be less interesting than this NEW zero-day that really made a news splash in the last day. It looks as though this NEW 0-day affects VML… Incidents.org has good coverage here. Microsoft has an advisory up and they expect to release a patch on the next scheduled patch day (earlier if needed… ahem…). Sunbelt is blogging about the “epic loads of adware” being pushed into systems via this vulnerability. Now, some workarounds…
Tag: DEP
-
DEP incompatibilities HP Deskjet 5550 printing blank pages
I had a frustrating morning last week. I had set up a new PC, transferred data and gotten everything in fairly nice shape. I had got the old printer attached and set up (HP Deskjet 5550). In fact I had done a test page through the printer's software at the end of the install process (some sort of Deskjet toolbox software, not the Windows test page pattern). Then we were making sure everything worked and they went to print out a UPS label from WorldShip. The printer had come unplugged in the last rearrange, so I plugged power back in and the printer loaded a page, ran the head back and forth twice and spit out a blank page. Oh, we were using a parallel cable – I’ve seen some parallel cable based printers get “flustered” when power is lost and back on (especially if it was in the midst of a job when the power was pulled) – so reboot…
-
Exploit Prevention in software
There’s been a lot of talk about hardware-enforced DEP as a mitigating factor in some of the exploits in the last six months. There’s also a new software product that can limit the impact of zero-day exploits. The software is for Windows and is called SocketShield. Suzi at Spyware Confidential has taken it for a test drive on an unpatched XP system through some nasty exploit sites…
-
WMF exploit and DEP
There’s a bit of controversy over the suggestion that hardware DEP seemed to protect against the WMF zero-day exploit. Sunbeltblog has responded to the controversy. George Ou in the first link above claims that there’s a lot of bad advice out about this exploit and that hardware DEP (Data Execution Prevention) doesn’t work to mitigate the problem.
-
Lotus Notes WMF vulnerability
This is really the same zero-day WMF vulnerability, but there is a twist. It’s been found that Lotus Notes v. 6.x and up are vulnerable to the Windows Meta File (WMF) exploit that’s making the rounds. Probably not surprising given that there are reports of many vectors of attack, not JUST the web browser. What makes this one noteworthy is that it is vulnerable EVEN WITH THE regsvr32 WORKAROUND. The only other solution that’s been reported thus far is DEP (Data Execution Protection) with supported DEP hardware.
-
WMF 0-day exploit
There seems to be a 0-day exploit involving WMF (Windows Meta Files), according to SANS. Here’s their lead-in:
Just when we thought that this will be another slow day, a link to a working unpatched exploit in, what looks like Windows Graphics Rendering Engine, has been posted to Bugtraq.