Symantec Blogs: Security Response

Greg Ahmad | September 15th, 2009

Recently we became aware of a new security vulnerability that affects various versions of Microsoft Windows operating systems. This vulnerability allows remote attackers to carry out denial-of-service and local privilege escalation attacks against affected computers and, though not confirmed, it may also facilitate remote code execution with kernel-level privileges.

The issue was publicly released on September 7, 2009, by a researcher named Laurent Gaffié. The researcher published proof-of-concept code and some technical details on the Full Disclosure mailing list. He indicated that the code targets the Microsoft Server Message Block version 2 (SMB v2) protocol implementation in Microsoft Windows Vista and Windows 7 and it could be used to trigger a denial-of-service...

Greg Ahmad | March 26th, 2009

System Management Mode (SMM) is an operating mode available in Intel x86 and x86_64 architectures. SMM is the most privileged CPU operation mode on Intel architectures and facilitates power-management features and other operating-system-independent functions. It resides in a protected region of memory called System Management RAM (SMRAM)—access to which is typically limited to the BIOS. An SMI (system management interrupt) is used to enter SMM mode.

Over the last few years, research reports discussing attacks that target SMM have started to surface. In 2006, Loïc Duflot reported various security issues in SMM and presented an attack that bypassed the Securelevel mechanism in the OpenBSD kernel. In 2008, a research report...

Greg Ahmad | November 13th, 2007

Earlier this year I wrote a series of posts that highlighted the rise in vulnerabilities affecting ActiveX controls during 2006. I mentioned that there had been an increase in the number of ActiveX vulnerabilities over the last six years, but more importantly there had been a significant rise in 2006. The first half of 2006 saw the release of 12 vulnerabilities, while there were more than 40 vulnerabilities in the second half.

I also stated that although 2006 saw a significant increase in the number of vulnerabilities in ActiveX controls, this trend would likely continue in 2007 due to the availability of tools and increased interest in ActiveX security in the community. The analysis of the threat landscape during the first half of 2007 supports this prediction. It also appears that issues affecting ActiveX controls make up almost 89% of all vulnerabilities that were reported in browser plug-ins.

According to the...

Greg Ahmad | June 12th, 2007

On April 27, 2007, various Internet resources from the Republic of Estonia came under a series of DDOS or distributed denial of service attacks. According to claims by Estonian government officials and media, the attacks originated in Russia and followed a dispute between the government and ethnic Russians over the relocation of a Soviet war memorial from the Estonian capital of Tallinn. The attacks targeted websites belonging to government ministries, banks, media, political parties and businesses.

Though DDOS attacks against various networks have taken place on numerous occasions in the past, the particularly interesting aspect of these attacks was that they appear to be politically motivated and may fall under the...

Greg Ahmad | January 18th, 2007

In my previous post, I talked about the sudden rise in vulnerabilities affecting ActiveX controls. In this post, I would like to talk a bit about the technology behind ActiveX and various steps that may be taken to prevent attacks.

An ActiveX control is essentially an Object Linking and Embedding (OLE) object. OLE allows objects to be shared using Component Object Model (COM) technology, which is a model that permits software components to communicate with each other. Distributed COM (DCOM) is an extension of COM that allows for the sharing of components over a network. ActiveX technology essentially facilitates the functionality of OLE on the World Wide Web. The controls can run on platforms that support COM or DCOM.

According to Microsoft, ActiveX controls must provide an interface named “...

Greg Ahmad | January 16th, 2007

The year 2006 saw the rise of numerous security trends such as attacks against social networks, initiatives by researchers to sequentially disclose many flaws in Web browsers and operating system kernels, attacks being used for financial gain, and a dramatic increase in the number of vulnerabilities affecting Web applications. During the last few months of the year, I have noticed another trend that did not receive much attention. There has been a significant increase in the vulnerabilities that affect ActiveX controls. These vulnerabilities can facilitate an assortment of attacks that may simply cause the disclosure of sensitive information to an attacker or, in the worst-case scenario, allow them to execute code to gain unauthorized access to an affected computer.

During the last few years there has been an increase in the number of vulnerabilities affecting ActiveX controls shipped by various vendors. In the year 2001, DeepSight Alert Services reported...