Last year, when Adobe Acrobat was being exploited in the wild, some called for people to switch their PDF reader software as a defense against the exploits targeting Acrobat Reader. While application diversity can enhance an individual's ability to withstand broadcast attacks, any alternative software still needs to be maintained, and thought needs to be given to how security systems handle that software. If a replacement application is not handled well by perimeter systems, has security been improved by the replacement?
Today's Web attack toolkit operators are often content with only a small percentage of success with their attacks. This often means that they deploy any and every functional exploit they can get their hands on, without regard for how successful it may be. Thinking that one can simply move to software that is not currently being exploited is not a good long-term solution. In the long term, moving to...
Well, it's that time of year again. April is the first month of the fiscal year in Japan, and a time when people look forward to the breath-taking beauty of cherry blossoms—known as sakura in Japan—slowly covering the country from end to end for an all-too-brief few weeks. Unfortunately, it also seems to be a time that malicious code authors in the Land of the Rising Sun see as opportune to do some of their dirty work. In this case, that misuse of perfectly good time resulted in the release of an exploit for a new Ichitaro vulnerability.
JustSystems’ Ichitaro is one of the most widely used word processing programs in Japan. On this occasion, a specially crafted Ichitaro word document creates a randomly named .tmp file in the Windows system directory. This .tmp file then drops and opens a legitimate Ichitaro word document, but it also creates a file named “beer80.exe” in the system directory. The .exe file will be unseen by the user and will,...
Hello and welcome to this month’s blog on the Microsoft patch releases. This is a fairly light month. The vendor is releasing three bulletins covering a total of eight vulnerabilities. Ben Greenbaum (Sr. Research Manager, Symantec Security Response) discusses these vulnerabilities in a video that can be viewed here.
Of the eight vulnerabilities, only one is rated “Critical”—a remote code-execution vulnerability affecting the Windows kernel. This is a fairly serious issue, because a successful exploit will result in a complete compromise of the affected computer. The remaining issues, all rated “Important”, affect the Windows kernel, SChannel, and Windows WINS and DNS servers.
As always, customers are advised to follow these security best practices:
- Install vendor patches as soon as they are available.
- Block external access...