Network Security & Hardware - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


Redmond Mulls Emergency Patch for IE Attacks



 By: Ryan Naraine
2005-11-30
Article Rating:starstarstarstarstar / 0


There are 0 user comments on this Network Security & Hardware story.


Rate This Article:
Poor Best
Attackers are exploiting an unpatched flaw in Internet Explorer to launch drive-by Trojan downloads even as Microsoft scrambles to get a stable fix ready.

Microsoft Corp. is working on a plan to release an out-of-cycle patch to cover a gaping hole in its dominant Internet Explorer browser.

Sources say the MSRC (Microsoft Security Response Center) is aggressively aiming to release the emergency IE fix ahead of the December 13 Patch Tuesday schedule.

Officially, the company isnt commenting on a timeline for the IE patch. A Microsoft spokeswoman said the creation of security updates is "an extensive process involving a series of sequential steps."

"There are many factors that impact the length of time between the discovery of a vulnerability and the release of a security update, and every vulnerability presents its own unique challenges."

Zero-day exploit targets IE. Click here to read more.

However, a source familiar with the companys thinking said the out-of-cycle update is dependent on the patch holding up through a "very rigorous" quality assurance testing process.

Resource Library:

"If the patch isnt ready from a quality standpoint, it wont be released. But with an attack already underway, I think youll see an emergency patch," the source said.

Microsoft late Tuesday updated its security advisory to confirm it was aware of a zero-day exploit and a drive-by malware attack targeting the unpatched vulnerability.

Alex Eckelberry, president of anti-spyware vendor Sunbelt Software, said his company first detected the drive-by downloads earlier this week and reported its findings to Microsoft.

"This is a pretty nasty exploit. You just have to visit the [malicious] site and your computer gets hosed. Its dropping a Trojan downloader that takes control of the victims machine," Eckelberry said in an interview.

Sunbelt Software researchers have confirmed the exploit is being launched from a handful of malicious Web sites.

He said the drive-by exploit was successfully loading pornography-themed spyware programs on fully patched Windows XP SP2 machines.

"If theres one time Microsoft needs to go out-of-cycle with a patch, this is it," Eckelberry declared.

Stephen Toulouse, an MSRC program manager, said Microsofts anti-virus engine has been updated to detect the latest attack, which drops a piece of malware called TrojanDownloader:Win32/Delf.DH.

Anti-virus vendor McAfee Inc. identified it as JS/Exploit-BO.gen and confirmed it was using the zero-day "Window()" remote code execution exploit released last week by a UK-based group called "Computer Terrorism."

Eckelberry said that he was aware that Kaspersky Lab and Symantec Corp. had updated its virus definitions to detect the latest attack.

Click here to read more about Microsofts Windows Live.

In Microsofts advisory, the company recommends that customers can visit its new Windows Live Safety Center and use the "Complete Scan" option to check for and remove the malicious software and future variants.

The Safety Center, which is part of the companys new Windows Live initiative, lets customers run free Web-based computer scans to detect and remove viruses and other known malware.

It currently works only on IE and uses an ActiveX Control to scan for and remove viruses. It is also capable of detecting vulnerabilities on Internet connections.

Johannes Ullrich, chief research officer at the SANS ISC (Internet Storm Center), said in a recent interview that the severity of the vulnerability and the public release of exploit code should force Microsoft into releasing an out-of-cycle update.

"This one certainly qualifies for an emergency patch. How much worse can it get? At this stage, you really cant wait for next month to get a fix out there," Ullrich said.

Since moving to a monthly release cycle in late 2003, Microsoft has released three out-of-cycle patches, all for "critical" IE flaws.

Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.



  Reader Comments: Redmond Mulls Emergency Patch for IE Attacks
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Network Security & Hardware Articles          >>> More By Ryan Naraine
 


x}ks8q8c=mGJɖkcY^K7SJEQ1ErIʶf7n|AKؖnt7F$IG=!g4(ٟ9O ޙ'Tw>{sLk9UQ#CQSrĠ建>u˜صAz:pG;|9|@D%SjNAM3g{Fm_6g2z9ޯ3 fEgM dz@'A:2,,Z P8"p,Z="?+B4eIXߢر7{Xe3g71m CKd/B(?ccC=~'f^B(ƻF{92}Gdh9-rt=yͰ { /\1r.bLѽ[@GT͝ L=TVE;&3ýtX:9zu r<rDJ53g=SےO=s 빎;P?B1 6#ݟR>҈chGǵHQ~aF3,Ӹ4 XSKC(DžJ|i{2S g֨n>ڻPʪ)aw>ʑCKo -%uPtڧ^O.[a\`'H Hw&LT)Jj\(ϒLCajLmdڽ~X}AFI?j;n9,4E; KHr ])21,"['lni][W^['wfٚY jiedXY3LUY}Y4[ۧg: Wh6 Nof O|muHYz>5406Z-Jj=2OiULxE$Y)r$8w.!}O}nr2GrI/o"$̏Q5 tA#J 1"3NE ;- ujvf5Py۬)G703_?]-w a4Z@Lu&h)5?&hb.L2o2|)6)`I˪ TI%嗋mQq>]R${3BDȝ`g@A.r)# 6=aL+^,4,j8N>]7+De. s5-w>E?´;{R?k5[Mһ^Z0*>cq4Y`I-. :oo:jal:}5"o+&rOG̶-a[e)s+~>NQ}Ymvi(|I}ѦޣR?7ݘiI70i\+Gݺ~LnXŞ+Fԇ9[i`I l"#0Ie&3 yG νdrgo͠~(wMnP>X^0 jp.HpyY?9>o  馥M L<ģA }p (~9-R;C/1tSt=JIAF"D% T h4A'EENNAww$]I+TbD8JnOu$]8gJ"ڹLX*QY,p[/ ͙JRd0u Q򍜈="`&Qea*0pRx5Qn-`oʱ& 4LX,CtH{27i &4u0OiH\U}ɲIg0sO<sy?#h? OzuG VV̚s=R.ƃ5‚L;ilR̴a85) 0|Ch#eBC`9N{S^kt'tuK\wıa漇d:N'p6?>{@L\n|8$o4<3rGֶL/ J% jJ=SsA|5i!3L&Ze nД S518 FLzS\O Όō$ЊOW}lTo-V,~%fcP*+úZjp ~V7Bɶ/²xcP6B6Rkυ5ò =2P" Cx Ea҆TSs  XTM.r_  }d2wê%M*ګY3ld tAqFA}$r?-j(6 3XSq:hzE>wH{LMπ|P9s?棄YTpܩ4hR*}a3)4&0Sӹbp=F˸>q,?XĞ-\FCZ\Saוּ.J !jd>n'L[aHz{>8`Tfha86-b?x;HySI_.)UIH~1:2.eX k;gOf3n/Hp]i%1y$pAS-cfDL3$!OT_'E)'x>5 d1'$o':|#XE~Hs}G>N-â-h'(0v O*J?C2By^FѮ\rR" #ӣFp|o)u7ufv9Aخ crAm1qW;PVC89'& B1&GJ lʂu!WMUm~tzfy@L t@zCxؽL HMҘNHyT9Ť֊kt)D ްk@FMS؇Qcm/kR9Tʚ5^,_]hDQT i^{p ZN&ӁZFB-†89k*rWo鸙 k /hy2檦dhSYlpg#H]ӞyM}|O>=a O#UIV:ݸr&ȫ"}kPgw(* Kq3`93"豥mBtP+'&GlE;<6Xk<v/H| ^{~w?I a9p驔rgHWtqM×[;iJCo`s 车RTS(.>JMP*jIIz, :,h7xџVPVW`Zd&s\%\{si0o)Q󩋗afD]R/)3nQ/ ~egmS?PG e[,r/鉚ƺRaf~`Gq+ZP`ӪV$,: 7Cd',-BGI}/\%I'sSfn tDo0|7=0FHΝrQӊ5JR'0阣kS@Z: GYdQ.|aR)V8N3Az vBs=Q<CGp {$,C81@ E D@;n߱?$ ?S-Ѝ)8gMX1BNJE])n)hl{ٗŗ#<4yu_u{~{y[QAZrҸ'^`>*/1EOMi|h(/ [dzNR(1I]2~̮Wf}A0lg~hy# 8$+'~p:K%E;&˖u ߽< rLpBj\?\(d0 szj\ 6b7 ` xѤ@"cxH/ "B@Itk,WZXKr!}&=CɢlhM٦ּֿT1r,`$X)XCu:]]4D':KEP^S(+RJ)"4FL |FϚu3_f| Rt?V$ݝf0iFX4b`/awʜW#SaZ ?Y ./v6g>&k?dN-Ɣ `ֳs@ϝπ(|@S?fdc:M"I^U֭UdU)I=YE'㣓)?8b[0d&q+=#tzooo=إ&<C?gkLw.z@z@pSx{Zg%QJ=,q @kjiIr\"~^YZ䑽DXHڃ}AuUL&mquOx-39&i NZ;yhtY AAXy !VorlK9w@rs&8< $[euw+[S'gSc;/HF#%g&OS˱mG @|Ր ;ar*|b \<U_M·⎭zgQy}rx|[qzLVNLRGzQc%Fm?^SϗIOg 4˼G Ys%P ek%Ta34 !˨yg"U呦91aJ3Ꙇ_A`"4yt|kq„yyԂV)]I5-f~kLIra{_CYn1L,3°\>o~kuG#q biÀv}~Ƞ p3&̙ 5JyTd>~b8eK6 k+rP\YdNãTe)e"S0QQgpj tnik+7dB},{P Y '̔b0l `sG9ҷqZļ)S-DJtutfXd2eזּ,YMh4L T gikJSuLdLm#aZQW=zgQҪ 7fO3<[ &0q޵'qJBim&ťL"ZQJՊ}?A4,7?wx?iȮ@-FL}%$:~{Z횪)=FQA/ˬi ԥaJ4ͣ?֦Y] fL/1ܣ+>-e UʪR)BZŠcG?"l&!l&[$|)#=xKS2U)shR˫w3 ޯATU o3R{:Wy0 V)$աg ̗>kCT@-hpJD5A&pB*pZ\jԩ?Uٖ]/ή~x(VP&@XmƤ fŲ98V]\\Ix@\~kkkk¡>k뫯mRkA%#}qxZ)^vMeL◣a?Ѿ -![bY߮ޖ#H]tRg!GT jy1aO: % V ?r|^t$[68w戢}?԰}\@Z+z:%>嵉x(oj}[{+zx jÑ0M>X9jØH.^tnizm%«n,[Ur_UE m z7$Oj5ohB5/>F <,罿%c!8+i7uDBWݯnm_DYYC[.˾˾˾^T,k?׸YOQ߲(\ֳp9u`:Ct($A&yfC`zqk#ŵmo=S[[;#gWnpx'oJj{Ȇx>\*ǭ?Z:`kO9-:E1,H_d;}f$!aXe |gZD,+]־vIx7 d~g Yb+gd G~0hU<|d:fD*rAR0A-yL5$<,]~=WF B ZXF0a~ٕׯ`$L]R /D'f,(+ǧVҜzf *LvR8M4 [zIЯOBB=:g|Z8usx#3v׹g_O넯Na VXַggmMY' Յn~r&ΠRzJx[Hܱ)D\K_GPʸyi븺e!-&%w,on]$$n{oTg9b y/̸l61]^iIͽ=ڶ/h P|F01-c )xQ:| ȪhֲF9wt%y۬RɊ2ײwbp,DӼٌz(J3@84I/Nl$8&wQqD3 ů 3h$Xy"G,G+ɻ^:#zi; s瘣7 y<[*{WH1'-N F/*`aZd=ImF {8R[~xv1̨B13?51^Ffpw>k0{sC"ot@9Ъ es^Ϩ7>kE_A-ȴjgϡ?6 ?.;!~^H:@q  za3 0.$o,S`,h6WR`a3طO0q_n]LǔuT[EOu@{GOaRM:' "Eo <7~ʥ={L=nr ȮO3*=>aˊvךSN|l:.kn*juoӞ-~E\t{@R(kj w'>d  D(g*Dz'q/$nV"j\js~+A#샒=%h=F?!,qX(DsA2G?cu\]SS[׈Zo[+W#rd! `,%7vya0`8(҈ǤHFpxAҲfz/lsh*b4 BM;&* }L1N%>%KZk^YR+Ȉz~j]!1cTA9-Q5!]RU BI?㍿|^.y9󬦘hCy<Vz^3n?Tvn&5+m'hzBRKo^;G'ܬTM$ n߮G܀SmQNa)c,h7w".jEI@ ZM)RӰp-|ri?NRuzB9ĞIB RRߡ<Y׹GVRѪErr|ˆ*.pǜ=I\1ړncG0/bZNa=kA# Dxz'0o&F:<}Q-DR!&Rmqk%d\ c;ZV]MoA/m)hTԮnF-ݥDm+il ',l6IΜ0ڱJ R 9/RRmF 96z?bu{ι0aeYYW;-%U$d[j4K$¨ӔAJNa rۺm6A4@G"0uxG*%_Dx9ʇ1f=0LZU5}Tbt/{X?-'|͈Vs%M.?OcBzRqW<00t+P̲jNT]OpY=XCE3 F\}­BA*o[Y_DH_MZh:&Κ )<]Сܛ r@JoIg/4|x}A6ڄykiDž$Y^ cGNP_jԓpS;"΀E௥oXV{+$νOg-<-SWld""@Ո_޺i>"?4uӻhzxX2Lp@k8f!}tQhƟ˽ى#t@!'vQ]Q sap3Bx7t'le1u`Yuh c>zSH_!m#!k^bΑfrQk|)J 8 `8.gj5U%2&P9 dU ?M=/׽nrj5-i`I; aAJx&O,6")(ddctkaٌ6\? 'lD KmDs}%%zH"V|8snj=J<rWH8ʿI&FK1tQ:.( oI[PXP؟eKL)awSa/x]#3L\O>,2E<ez?,GA~25:bV!Ù`>\oN*r P:ςexs!aZ;<QB<䱤Pl <'<,ll7Lzwj@h),f,TՊR &uU !2,=VR<> AguUo VH+^@03:%E$͈ɵ?:4.5iV>NWv.7x Zӷptԝsm~9^}9k_ۗ\ij;|jkym2/*v(P]6:-f)L=\h^Epɂw]%;飱</ĩ3^>ޭV CpXmn8~(hOu{it/[zhR `NjP1W(5ʯ76S](f#77VF)n.?eCF?|O۹y{syпvF?Ӿ(3e//Eޚ1>w};}: ; v2e2P93(@y'2c|/A~.32cnF _?2 ޿x:z/??}P9g @MV9M@7d_ryrָ…)IFy)W?RErXB]eBy>++P/Үw3 ث : 3/z^}NV&n3^a芪g-5nZ ǸJuv ^_A5KHe^ۛT#GP78%Y}MNJ 4tk 7b[y@YAI{R}tEOI>tiDLw<-cENj9.~QJxdR$42'f[ 3]D4{HO8ѭ=\z[G4YQ=P.v8)nדpK|SG0U75inhg?>/yd֦WVFkp'k͠?~%s"L^z!J1 =4c֭dK1BDO"׏ щڣf˘E͛YʌNEu//{_۱ CR1K1@e^*q0*j>d%Q<8s`6>&m\ʠaCao/Yb+F;c`\;=2gj y }by0\9+h@z4}z<87mJN)gL#[ ot^=F:L .LeSzy;»18,_bٴD MA( 5t0=_4nu–'*F;B.N7lɱwؼ!B0BNY0( 8[]^ṀqmX?ap[N(joԃ`w[qM H@f]32 çOn3A ~.m oFӴFo"9ţ:aс(Yc{XnD82sx 2&6u;/Js)gxt1oN϶{3[;5 uu7Lђi'/TB# tB5\ O؅;09ZLPO"x^?\vi 2#0' MĮkfAj3´,vץxI5713?<'fs(O9>LR?>KGJF= %4Id`VX`8O 챧,J~Χ%NAa:2Ş_ =6}`^s D֣4g8 "s k!v+2}jQwh}vWXsM"m,?hPxUE0P$=Cf Kӗ?QcС_456:\/5*l$9=ASh4ϛ5eXI% i;j9.KPRJVr.Q ?n·FoUSeOTx/ē_| 3Obx`#Yұ ߚQ TDO2vy9=|En[~QڗE@1agG۶f*iů K oX)un'|oȯ)0XPy4w<p2I>0n9iws[T:DePޙi!/;vcfR*Il;:Ƶd2֭kc'pg! X`)yc<znG}޴cHPWFׁݞV Xo} 8lO.d|}́!XsCQ%7` =[-Hˍt_f%\!d3@FWD0;"ZYmKE%&(Xp\'A6Ιls;>Ba2\DGx kyf#ŧ3W<2ZP'jdVw@8̝-ӟ~H׶I5"`:Vڕ+zYL1e~}=3ӲG(q2,@zPF!Rk+Wei$ցȉ8ǩc[mx uuke!.1:7˟]lׁQ#iHGTFE®":u`x];ս7\TUc׮2 + v$п9V0|6,lp/>cwϏq`2[uG{0^5϶p2$82#" $8zIW{{a0&iE㨤t`C v_ʉ~ph;?҈>A wVǰ.XF!&ۅ7O80Ux|-h\};X\9i,8LgѸ:"X=<,KVw;+[Ȁ7H>Y;D,5Rb:(G=zk|FXKwڲ mr?u,r?],M c|Rc9bfrW`0M.<jgWP Y-f1%Dv88)ҡCCԚB4fƲ 7cP.X-%B@:S .x CG,$?ˋ}P byx ŧ$NS?X|ړT+ƕy@Xqө8Yo\V.˛_,{ٗŗ#RI>SoXyx8~']f(FRqO\|j8)>^tcoh-/=i~ptٔŠ҂%!t4!ջj4ɊxY޿a(XECh⍿c014ߛ9ZY$I#;ov[b$- {\֓CX-lu; o]F'eh|NKIk^ͦG(5 wm&l2)v}ml-c6C-{O`")