Close
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Latest News
    • Blogs
    • Security Watch

    How to Minimize Risk from Zero-Day Attacks

    By
    Ryan Naraine
    -
    January 16, 2008
    Share
    Facebook
    Twitter
    Linkedin

      As I wrote in this piece over at eWEEK.com, rigged Microsoft Excel files are being used to exploit a zero-day (previously unknown/unpatched) vulnerability and plant keystroke loggers on select (.gov?) networks.

      As Rob Lemos points out, bugs in Microsoft Office applications emerged over the last year as standard weapons for criminals conducting corporate espionage and computer attacks against military targets. Last summer, Microsoft’s Office team struggled to keep pace with flaw discoveries and, after a brief lull, it looks like we’ll see much of the same this year.

      If you have valuable information on machines with Microsoft Office installed, you might want to consider these important mitigation strategies to avoid finding a rootkit in a sensitive part of your network a few months from now.

      THE OBVIOUS:

      * Run up-to-date anti-virus software. It may not catch everything and, in many cases, it may be slow to respond to an emerging threat, but you really should have anti-virus as one of several layers of defense.

      * Keep all Windows machines fully patched in a timely manner. A clever patch-management strategy for systems with sensitive or confidential information can save you from zero days that piggyback on older, already-fixed vulnerabilities.

      * Do not accept or execute files from untrusted or unknown sources. In sensitive environments, do not open attachments (including .doc, .xls or .ppt), even from people you know and trust, because it’s easy for an attacker to spoof an e-mail to make it look like it came from a colleague. This also applies to files — and strange URLs — that arrive from contacts on your IM list. Distrust everything.

      * Do not click on links from unknown or untrusted sources. Again, distrust every link that comes with a catchy, enticing promise of a sexy video or hot news story. As a best practice, network administrators should filter HTML from e-mails and block executables at the gateway to keep attacks at bay.

      FOLLOW MICROSOFT’S LEAD:

      * Take a page from Microsoft’s playbook and implement multiple redundant layers of security. The biggest threats come from code execution attacks, so it’s important to use memory-protection schemes, such as nonexecutable stack/heap configurations and randomly mapped memory segments. I agree with the folks at Symantec DeepSight that this tactic may complicate exploits of memory-corruption vulnerabilities.

      * Run all software as a nonprivileged user with minimal access rights. Almost all malware attacks target computers that run with full admin rights. On corporate systems with sensitive documents (the big target for zero-day attacks), no-admin should be implemented as a priority.

      LISTEN TO MICROSOFT:

      This bit of advice from Microsoft is specific to attacks against Office (MS Word, MS Excel, MS PowerPoint) but it’s worthwhile for any business that could be a target of corporate espionage attacks:

      * Download and use MOICE. The Microsoft Office Isolated Conversion Environment feature is a free addition to the Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats. It’s a perfect solution for businesses that must open — and trust — Office files from external sources. MOICE can be used in tandem with Group Policy settings to convert documents in legacy (.doc) formats to OpenXML formats, stripping out potentially harmful elements that could pose a security risk. The conversion process takes place in a safe, quarantined sandbox environment, so the user’s computer is fully protected.

      * Use the Microsoft Office File Block policy to block the opening of Office 2003 and earlier documents from unknown or untrusted sources and locations. Microsoft has offered a registry scripts to help set the File Block policy (see workarounds section of advisory).

      Ryan Naraine
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.

      MOST POPULAR ARTICLES

      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Applications

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      Cloud

      IGEL CEO Jed Ayres on Edge and...

      James Maguire - June 14, 2022 0
      I spoke with Jed Ayres, CEO of IGEL, about the endpoint sector, and an open source OS for the cloud; we also spoke about...
      Read more
      Applications

      Kyndryl’s Nicolas Sekkaki on Handling AI and...

      James Maguire - November 9, 2022 0
      I spoke with Nicolas Sekkaki, Group Practice Leader for Applications, Data and AI at Kyndryl, about how companies can boost both their AI and...
      Read more
      IT Management

      Intuit’s Nhung Ho on AI for the...

      James Maguire - May 13, 2022 0
      I spoke with Nhung Ho, Vice President of AI at Intuit, about adoption of AI in the small and medium-sized business market, and how...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2022 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×