Network Security & Hardware - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


Microsoft Warns of New Windows Zero-Day Flaw



 By: Ryan Naraine
2006-11-06
Article Rating:starstarstarstarstar / 1


There are 0 user comments on this Network Security & Hardware story.


Rate This Article:
Poor Best
For the second time this week, Microsoft has issued a security advisory with workarounds for a critical zero-day flaw that's being exploited in live attacks.

Microsoft has released a security advisory with workarounds for a critical zero-day vulnerability affecting Windows users and warned that malicious hackers are already exploiting the flaw in live attacks.

The advisory provides prepatch mitigation for a bug in Microsoft XML Core Services, formerly known as the Microsoft XML Parser, a service that lets users create applications that interoperate with the XML 1.0 standard.

The vulnerability is caused by an unspecified error in the XMLHTTP 4.0 ActiveX Control and is rated "extremely critical" by security alerts aggregator Secunia, in Copenhagen, Denmark.

Affected software includes Windows 2000 (including Service Pack 4), Windows XP Service Pack 2, Windows Server 2003 and Windows Server 2003 Service Pack 1. Microsoft said customers who are running Windows Server 2003 and Windows Server 2003 Service Pack 1 in default configurations, with the Enhanced Security Configuration turned on, are not affected.

Resource Library:

According to an alert from IBMs ISS X-Force, hackers are already using the Internet Explorer browser as an attack vector. "These exploits target Internet Explorer through a vulnerable ActiveX control. Successful exploitation of this vulnerability may result in remote code execution," the Atlanta-based company said.

All supported versions of Internet Explorer are vulnerable, including the newly released IE 7.

The flaw is the result of the core XML engines inability to correctly handle proper arguments passed to one of the methods associated with the XML request object. "This improper handling results in memory corruption and ultimately may result in remote code execution," ISS X-Force said.

Microsoft confirms the flaw could use IE to trigger code execution attacks and warned that banner advertisements and other methods of distributing Web content could also be dangerous.

The Redmond, Wash., software maker recommends that IE users disable attempts to instantiate the vulnerable ActiveX control by setting the kill bit in the registry. Other workarounds, available from the advisory, include configuring IE to prompt before running Active Scripting.

It is the second major zero-day confirmed by Microsoft during the past week. On Nov. 1, the company issued a warning for an "extremely critical" vulnerability in Microsoft Visual Studio 2005 that could put users at risk of remote code execution attacks.

Click here to read more about the earlier zero-day vulnerability.

Exploit code for the Visual Studio 2005 flaw is publicly available. According to Metasploit founder HD Moore, the proof-of-concept exploit has been available in the point-and-click hacking tool since August.

Visual Studio 2005, formerly known as "Whidbey," is an integrated development environment that offers a suite of tools to help programmers build software, Web sites, Web applications and Web services. It is the latest version of Microsofts developer tools and includes Visual Basic, Visual C++, Visual C# and visual J#.

Microsoft said the vulnerability is caused due to an unspecified error in the WMI Object Broker ActiveX Control (WmiScriptUtils.dll), which is used by the WMI Wizard in Visual Studio to instantiate other controls. An attacker could use the flaw to "take complete control of the affected system."

The next batch of scheduled patches from Microsoft is due Nov. 14.

Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.





  Reader Comments: Microsoft Warns of New Windows Zero-Day Flaw
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Network Security & Hardware Articles          >>> More By Ryan Naraine
 


x}r㶲s\@♵M=Ҕlcؖ3SDHbL\$KreoВ/g6ЍFh|G·$:arsݙc |:I]"IC(3`Zϩ:AzNɑ,G)~-sbs#j5w5vGl$J AT{j xL9uM껲9'ԗoOne0-ڶAq6)֐N0oϑ\R yǛKa(7F`X@7? iP2|q* ?n^S;G7ۯZx۬) rƒ tK_s;nZK}0[=RFp\ ДaCx`Mab&DJH7Ӕye $}ВEtBAͨ8 .)J!"xV3ˌE !\J!=! g|8Jn.b?G_5 .΃OawWʲ9QY +K\MޢG\zcOfeEz^?{6LqJjpX.B2iKB0NqjꛛZ\M㣯fzPb(7Z`Lm,5,Ltϭ y0`hvz?3Ϩagnۉ9~t$AG66^lzK $ ,70}HOQI4qp{4ڭ-%_ >< zNj$>6(Zχ`˦Mf@B9;ǻޚA<Q]ӡ4}a qjQ]*~s=w= H X.{s6G~>4-0%ޥ6A\IQo -2(%E2 4.gP)AH =k 99| ޑvZ*&RP*m=!ԑtLZ*ݗh3aGe-n^ $ d6g2+IMihj1!UG,D`v9J,L.Y ϴ6jԍebQ9дZ hқ͑ KҺ<M MX&# K8Y fzn8ǀs X<`6Ê0ӊYsξS s>xFx S6[93mX0NєDWjm>!4ÃiА4XԹæXgu׵Lj'rgtC.0s k2'yv=&.Q>jWuϙܑ-ӾRoBoڅRT眺_dA_fMjlȌu>IVB17O wz@nehIJ*#w4?{`ELE2a5?%ӻnR/0}ԙQ3BZsOsR'~2-$֒eۏRum"$l J=~iXZ @-24@0ٖk_Xt jQWt(:АT um:bXGJ}Bb&^fdhQSKpSw{{jaaC+UVjG,-s9Za5sV@@@7h TlVCax1ZzG As,ruFzY{zl.n9g #p2h>JeHǝ:~Lҧ[BSjb35-F  ? |'+gбfۋ°w^^v?~5l2_ۄC1͉V*a0؋TMa?y;HySI_.)UI$[b"ud\6˰@e9ִ&3v,˹& zfd~ a(Juѧși S M~!V hPQ1 "I;t/F#ϻǹOQ*#؊kh@4e2f M4_0-8JD%xXPr'RB SK@'Z``ELsǖYCǖbTیЂ|T=Oұ@%УpӞrFVyYB濙?O~T+BZ=N AQT*8Y+0yϹoǼL]:x /Oq8ݩ񺟟Qo(foܦ[pC.>#]\aQaSƖ]4FXXH]M;H̎OƚR*%)Pc0ڝ)稜*h3saztܙy` dEN]CxHlW1L4qW;GPVLΓuO#%c#lʂu!WMUm~,n`{]0>AG5h0qH&;3E689o:+@95-r I h5瞏 ӥ ,ćǑ]5}-tq]U*jAe/yUb^ چHB:GdH#`Zv*gwԪ6 h)YS!RW dĞeeK5EhjC鳨'8MG)Fi$]k|[P rfVȵ#w6霎0 M`}G ϓ1W5 `,fqNgGA: lCs0X3f~Wk*ktx{z&wܕ[ ܱ zϡRD71PUL xg4sfDcC6jM+'&GlEմZY+-g}X} 2␜n=!?s/=ZipN<ݠ1p J.u<1H}ʧBTuQRTbPQKJBgQ!VA#"ZAY_Mkkhs.p B0_\PFͧ.^ʵl`ۤ^ASf<^ΐےtK3ק~ 6FtMnIoNk21`I3I9`{IO4c3=#nȣYժ5UNJZZ$t` ۳<%8tpL\'eM=J皽6Dy<#ɟ?9pw@7|R'9w>EM+v@l+J9ww|L4 : {GFe!EO.'-JP]q,g$ ,$%,zǣx]!6p!,Bﵪ 1@E1 wcyIV~ZgZqRFQtW%|wiOIAct<~3>L{̾~xf;} {@NڝO'( ^-;.5.JV}R: jeyK5?p-:%5ށ6 `i8~@(}ׇ́{9'EE.; iFp0Z^ <!ha 8gOs%i; u ߽o= r@p'Bjv>$'d0 stn^'6b ` xѤ<"F<42l&zE5q^ڗY0pz!vB3ZMUc z Ay4:XFsvY;ºUXȬE`|CL($T0r `$X)XAU:]6DG:Ki6P^S(+RJ)"4FYO |Ze3_f~ Rt<~Ur:Pעo1Mr!}J_cNfo4~ P=8,rh%縵vRsE{dNlp jvz`iSrF4/ȍ_{w jEU8zLMàv)fTDxi'>fax!w-n?q%՝b"w?oBٸEO,l}[[Ϙ`AS:%I# m$jRSfj# $_2JI,v+ht(lAz jÚmf /.}ںm|d`M`l)Za!|)Nr 9j`e>!‡[yRb}b%%h8W:Brc'?<'|Gx쓓Z;GNZ"6GHD;1uv;2x;zZ1?ݞpne9?jw`;tVAΈvY?{xXL7mD1'~4ϿO@ 6̯> H-@V޽?0Qwp]9Qz AC~kN^qFΛ=uڻue'sw+t>Niamǡ850Nl"4P$yUZ/WU $d%FtZx@2&l%3 =яki^x̠t;g{f1vnw P >y{~}I.e~W(TR-.fO뻬$J骇\v%(#]MT--^\RK>_+U@< bY_ IKwvzkYXdbQ;Wٞg 1O O=pԶ؉Ç.X r?4hgazc{ƹ=39x <v<.߮ݘ8)<A~A< vD4)[7yΛz}hn3d⫆܆u õcV`j8-~o1֢$W |o(o&򽡎xknZS*9oL_lXS|  \(\DӞ Ma_}z2.mE.zQvc%F}7^S˗t8?q27 ~x+lF)Y9Өj Lt/t3cX㯻biEpLX]PczClqY=c/jﴎI:Ν[jYI.ݘ.R>}-!CJmmƋyQLyˉ7uYQRUjrDF oӗ?x| Qfg'B7Q)(ҿg aQ'Gn"MR KtZNRgEdZiO2cOz|m#v,ejAɛI3o*$Pr; G Q-1Bq]@iћO&Gʂ_e p+C°byVJ9^}iNeJq+?YYuYa"'Νw[ &G8Ô Tt goikJSuL}1Q4U=`QńQ?qEl!T _p&(5X{Oȕ,IlvA%= R358Á6oS.j8˒8VH/siZ|kmz5F,϶&|"Glu+7]cҗuzͻ$jX(LF0I*J4Z)1Zd\=P֋ey AhF =X :;|.T' A=ݮJgIlƟhO|Xf#TJLCT S!ߥ=x͂0Ml+H-'{)!- lRϙQB3:Ox$3Ϋ#@"iJ R4w@ʒJJ}] jȂ?Ǧ7дRޅ+ ]-Ez{RVJq#V a6 a-pVyDZix[qe R+lʕJŭ*eCiLa: lǔ!,a+"$M+>FSzm("̓69'a9TJ`HD]τa__:_nJɽxSU1 KsvG@1I-KU-mT,d7 -a6B=^gؐ1_yl1@@t >mb:xxJtEyOY`ION?>%i4O8|3 |5ol΢Ƅ~%|= &BDk Nk ZR$PڙϲUO؛ oyY66?q H%zqzXSn D5/~;$ᄙr2^xYb, 6ſ+2JU媇4ґ3s)&.u<'KZ-r#X>X#|q86 C =X?xoAS^TeEuIXy #HEx4V?_Z.[AߜkߜkߜkߜkoȹV+JvE[ynV, Pnqg0ChAa6GhokcӚ_k!ߟRI-IgckIkQLlc),]&  D3HoEHqolrH"̑x)^Eoer=-zb}6Ya8n}׺uӟ5*AD{3L㐞As~}:QWKJgs?I--R;ٛP+"Gkə(l4WXofğGu 6_z'Vm'lB[ob5L nh>z=W/%4C2ĚQa+I錃qlroI 3&e<_ -~ii>$=HHb9_"O=@1:.,Sjέc(j3+Wx_ڋKۨ_Q}u`2^Ӳ$yCj1nO,C$&Hm)0 Ŕx!LˊH/La.1]<?G7{]::^G9 nb,n0]@,6a%&)ȁ.bBʫ1ʱ, <߉n"" l?QX2 /(_Z6`cPk 0[a"ΩTh,vxUȥkc.͠ZE%>% Zk^YR+Ȉznj]!1cTA9=Q5%RU B-~0ki1]HhCy<Vz^3<=Wn&+m'hzBRKo^;G'ܬTMd n߬GN݀<1ڢ#Rīn!j>dlMᗚk烔KpʭBף:̹Kd5MĀon搯*ewZ.W>sW5Upav;3'|z`'`zՂ"Z{2֑:b楒V,T)ۺg=#TXC,|链9g0Y>GV$(bX ~-=`a>>(-^a̷Uqhi\%fdxI,C5o4y^KjL6"|ͱPfs;o;I XPp³]A+WTD~Nd>Mx\Hґu /`< z̥7f{@\;r q,$Ye)+փފ> rF@Yj$:GP56:iY)CsJ׽v߾졇U Cy6 &|E,J:K3Dù7CO蘱>6$EuE)d; wMy]J{χ\o|J7"75|$rkqC9 ?ތ/{JM)`U$u<C:΁ lZShtIED#ThbGB#Os eǤۭpxX0!<RA~9 26mDRPactkȚ1;ŬQ{0m<iA={م=r\01Faŷ^(l;b21c|>Os $Z`,%r|Ac "PF: 1n #Ĕv7UI8Fw-<8 u|`EP00aLn3 MqW'NgC̝|83LkR.ɖàzEQp#ߛꞿSg0Y1غ9P^(lkE/WQa{s޾scc~lT_d_T ΓQ9>o283ޢksYx9% i*w8lJD~D(/& F^MÀec"j]{=-Zq YW'>;tɑcdh>(}uR\js@1@C|k{5Bx_m;f ?g f_B&pj3 ݌rР(?@ |Py}I'8/rN+g:NF?2ʿ@4>v92?gYg=e笇^eeYg~W'P~Q(GFeg9yg_O7CtAt3E\_\fOe{Y_s]AUV9w*~P~U{uF$)cf5/pvJEsQ^53T}~)P5(ge3Vڍna{Ar!ge_/C@/q>sqm%R+ ]Q%=Mk[I2n@Kȣ_xi +{ OW4<< X1rnmŚ/JYy<q sbžȾ>skv"X5½p'e)c.AZG4YQB =P.v8)n7WpK|SG0nsOkr>u"[~|^|aOvHy:h~j|V/OUq< 9sYu8% {Y&@Y8'w)_hعKjzrfhNo4pGsn Lgn F$usC\ԴZjRs'HdQGDdyUUEVro9 VVjb`" *s>P`24UJ` z!J1 4c֭dKo1;BDO"׏ щ_F]$WeL+,d 'Eu//{_۱ CR1 1@eN*q0*b>d%Q V_dvO~5B> >,D*9"[o %P@EikA/?tI3ۉd&%}YQ v.ycьU%$tnPJrHqpC>~EE anhoy>ᲁe":}`c so#'Ttr!,NM[GeLc(ŬBCd=)O-[$@#5E`WC24`)zc<)znG}޴m΢ƄJu!A]=_vs[>/'R`v/-J^S.u 7tleb @J\ mE7#D*}X^c 0У,*08uF얢U.nD{zw1Ǹ[0tczw^= ɤ{%̅2 !δZxyU~ҥN.I,g`aQd+8*)ؐrk`4bOP1,,oԛ'TS*4.>ϭ>zp,saG?qX)>Z.^ {e75w SF \LWNENE<<Sf )VSL_Xџ_<|ړT+w\ƕy@Xqө8Yo~.ɛBy=Kͳ}RIg趾V;~v?;u~m a% ѨT\_;N+,Z膗6~t|ޒŠEKB^i B"Ewl:矒񲞝?a(XECh⍿c014?iUUA$摭7yE1um*.`;a+b(16lS24K_hjVJlxTɉY+z[q;f†[hh /b;f1ԲN?xh)