Video Screencast Help
Security Response
Showing posts tagged with Vulnerabilities & Exploits
Showing posts in English
Amado Hidalgo | 13 Dec 2006 08:00:00 GMT | 0 comments

MS Word is under scrutiny again this month.We have some new and interesting details about the vulnerabilityreported by Microsoft on December 5 (referenced by CVE-2006-5994). Thestory shows how the road from a simple bug to a working exploit isshort and sometimes unpredictable.

This morning we analyzed some new samples that had been detected as Bloodhound.Exploit.106, which is a new heuristic detection released yesterday for the Microsoft Word zero-day vulnerability (described in Microsoft Security Advisory 929433). Among the submissions received from our customers we found a Word file that turned out to be a little gem.

We found a malicious Word document that was written in Portuguese and added detection for it as...

Ben Greenbaum | 12 Dec 2006 08:00:00 GMT | 0 comments

All aboard! Welcome to another ride on themonthly Microsoft patch train. We’ve got quite a few stops this monthand most are client-side vulnerabilities, meaning that an end user hasto take specific actions (typically by obtaining and then openinghostile content). Unless otherwise stated, the privilege granted to theattacker for all of the below vulnerabilities is the privilege level ofthe victim user. Most were publicly disclosed for the first time today,but the exceptions are noted. They are listed below in the order ofmost to least critical for the fabled “typical” network.

Vulnerability in SNMP Could Allow Remote Code Execution MS06-074 / KB926247

This vulnerability seems almost old-fashioned in the modern securitylandscape – a common buffer overflow...

Symantec Security Response | 11 Dec 2006 08:00:00 GMT | 0 comments

Microsoft have announced they are investigating yet another zero-dayvulnerability, apparently unrelated to the December 5 MicrosoftSecurity Advisory 929433. According to their investigations, Word 2000,Word 2002, Word 2003 and the Word Viewer 2003 are affected, but Word2007 is not affected by the vulnerability. They also report that thevulnerability is being exploited on a very limited and targeted basis.Symantec Security Response is monitoring the situation and will respondappropriately once further information is available. As always,standard best practices apply in this situation and caution should beexercised when dealing with unsolicited attachments from both unknownsources, as well as from trusted sources.

Chintan Trivedi | 07 Dec 2006 08:00:00 GMT | 0 comments

"A browser" – that’s all we were led tobelieve the next generation would need to create office applications orengineering applications. Now, the focus on security has begun todivert in that direction. Statistics from the first half of 2006 showedthat 69 percent of exploitable vulnerabilities were from Webapplications. Web application vulnerabilities usually get mixed up withserver vulnerabilities, although the two are distinctly different. Webdevelopers who design Web sites are not usually security gurus. Thedevelopers will often leave behind various security holes in the Webapplication because of bad coding practices and a lack of securityreviews.

On one hand, there are many security experts around the world whofuzz Web servers with variations in order find another zero-day. Theend result is that the gap between popular Web servers and exploitablevulnerabilities within them is increasing. It has been a long timesince we have seen a completely exploitable security...

Symantec Security Response | 06 Dec 2006 08:00:00 GMT | 0 comments

On December 5, 2006, Microsoft announcedthey were investigating reports of the exploitation of a zero-dayvulnerability in Microsoft Word (described in Microsoft Security Advisory 929433).There is very little information available regarding the technicaldetails of this new vulnerability. Symantec Security Response ismonitoring the situation and will respond appropriately once furtherinformation is known.

At this time, Security Response has seen various malware binarieswhich may be related to the limited reports noted by Microsoft. Thesefiles are detected as "Downloader" by LiveUpdate virus definitions,version 12/6/2006 rev. 16. At least one known downloaded file isdetected as Backdoor.HackDefender, using Rapid Release virusdefinitions, version 12/6/2006 rev. 25.

The standard best practices apply in this situation and as such,caution should be exercised when...

Orlando Padilla | 01 Dec 2006 08:00:00 GMT | 0 comments

The long anticipated Windows Vistaoperating system is finally out the door and as anyone would agree,it’s celebration time at Microsoft. But, let’s discuss what we are infor with a peek at the default user environment on the 32-bit platform.

Symantec Advanced Threat Research decided to conduct an analysis ofWindows Vista’s security enhancements provided by the user accountcontrol (UAC) and resulting new security barriers. No formalrequirements were defined, although a few guidelines were set to stayorganized; gather a sample set of malicious code, execute them underthe default UAC environment, and carefully determine their success. Theresults were then broken down into three categories:
1) Successful execution of malicious code
2) System restart survivability
3) Failed execution of malicious code, and why

There are two important prerequisites in place to establish fair play practices:
1) All malicious code must be executed under the default...

Aaron Adams | 15 Nov 2006 08:00:00 GMT | 0 comments

Succinct information regarding the OS Xthreat landscape is hard to come by. Much of the information regardingOS X security and threats is blatantly wrong, overwhelmed by flamewars, and generally hard to digest. This isn’t to say that researchersaren’t releasing accurate and cutting edge information regardingviruses, vulnerabilities, and exploitation vectors affecting theplatform. On the contrary, it seems that many of the defenders or usersof OS X are unaware of their existence, don't understand them, orsimply choose to ignore them.

In light of all of the misinformation and confusion surrounding thetopic, there is a lack of a sufficient summary of what threats haveaffected OS X and what research is being carried out regarding theplatform. So, I decided to document it. The document I set out to writewas not meant to uncover anything new. No new vulnerabilities, exploitvectors, or rootkit techniques. Instead, I wanted to correlate andsummarize the information that was...

Ben Greenbaum | 14 Nov 2006 08:00:00 GMT | 0 comments

Microsoft released six security bulletins this morning, covering atotal of 11 distinct security vulnerabilities. In rough order of mosturgent to least, here we go:

Topping the list in raw urgency is MS06-066 (BID 21023 and BID 20984,CVE-2006-4688 and CVE-2006-4689). This affects everything from Win2KSP0 to XP SP2, provided that the systems have the Client Service forNetware enabled. This obviously reduces the population of vulnerablesystems, but for those systems this is where you want to start. Thisaddresses two vulnerabilities, the more severe of which is theMicrosoft Windows Client Service For Netware Remote Code ExecutionVulnerability. If your computers match that description, you are wideopen to remote attackers, who have the opportunity to run code of theirchoice on your machines – until you apply the...

Shunichi Imano | 11 Nov 2006 08:00:00 GMT | 0 comments

It has recently been reported thatfunctional exploit code for Broadcom Wireless drivers has been madeavailable to the public. Concerns over the exploit are increasing,because the exploit allows remote code execution, and the susceptibledrivers are shipped with many new computers.

More information can be found at the Month of Kernel Bugs site.

A machine is vulnerable to the exploit if the computer has asusceptible Broadcom Wireless-N network card, and is running thedrivers in question. Unfortunately, due to the nature of wirelessnetworking, all that is required of the attacker is to be within rangeof the vulnerable machine. Because this vulnerability occurs at anextremely low level
within the networking protocol, there may be difficulties in detecting these attacks using standard IDS/IPS methods.

Symantec Security Response recommends that you update...

Eric Chien | 06 Nov 2006 08:00:00 GMT | 0 comments

An exploit has been spotted in the wild foran unpatched vulnerability in the Microsoft XML core services, whichallow developers to create XML-enabled applications. All supportedversions of Internet Explorer (including IE7) make use of thisfunctionality and are likely to be possible vectors of attack.

While the exploit has been spotted in the wild, it has only beenseen on a single Web site and Symantec has no confirmed infectionreports from customers. Nevertheless, as always, be cautious whensurfing the Web.

Symantec has already released a signature, Bloodhound.Exploit.96, to catch this exploit. More information about the vulnerability can be found in the Microsoft Security Advisory (927892).

Update Nov. 8, 2006: A...