Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Information Security News: Microsoft offers early fix for critical IE bug

Microsoft offers early fix for critical IE bug

From: InfoSec News <alerts_at_infosecnews.org>
Date: Wed, 27 Sep 2006 01:14:58 -0500 (CDT)

http://www.networkworld.com/news/2006/092606-microsoft-offers-early-fix-ie.html

By Robert McMillan
IDG News Service
09/26/06

With attackers finding new ways to exploit a critical flaw in Internet
Explorer, Microsoft has released a patch for the problem, ahead of its
next scheduled round of security updates.

The patch fixes a critical vulnerability in the way Internet Explorer
renders Vector Markup Language (VML) graphics. Hackers had been
exploiting the flaw, which also affects some versions of Outlook, for
more than a week, and in recent days malicious activity had been on the
upswing.

The out-of-cycle release is unusual, but not unprecedented.

Microsoft generally releases its security updates on the second Tuesday
of every month, giving system administrators a predictable way to set
aside time to test the new software. Occasionally, the company will
release patches ahead of time if a flaw is being widely exploited by
attackers. In January it patched a critical flaw in the Microsoft
Windows Metafile (WMF) image-rendering engine after it became a
widespread problem.

With attack code that works on the latest version of Windows XP now
publicly available, the VML bug is shaping up as a very serious concern
for administrators, said Ken Dunham, the director of Verisign's iDefense
Rapid Response Team. VML attacks have now "dwarfed the WMF activity in
the same period of time compared to last year," he said.

By Tuesday, more than 3,000 Web sites were already infecting users with
malware that exploited the VML bug, according to Dunham. One week into
the WMF outbreak last January, iDefense saw about 600 sites exploiting
the problem.

Security experts also warn that there are many variants of the VML
malware, some of which may be missed by security software. Researchers
at iDefense are now looking at a dozen possible variations of the VML
exploit code and have confirmed the existence of seven variants, Dunham
said. "With WMF there wasn't nearly as much modification. We see a lot
of different permutations and obfuscation techniques being utilize with
VML attacks."

A group of security researchers released a patch for the VML flaw late
last week, independent of Microsoft, but criminals have even found a way
to exploit the fix.

In the past few days they have been circulating phony e-mails, claiming
to be a patch for the VML problem. If downloaded, this fake patch
actually installs malicious software on the victim's system, Dunham
said.

Microsoft's next regularly scheduled security updates will be released
Oct. 10.

All contents copyright 1995-2006 Network World, Inc.

_________________________________
Visit the InfoSec News store!
http://www.shopinfosecnews.org
Received on Sep 26 2006

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]