Articles about Zero Day

Ah, the life of a security reporter: You ask Microsoft's communcations managers if the new PowerPoint vulnerability announced Thursday evening is a zero-day vulnerability, currently being exploited in the wild with no patch to shield us, and a spokesperson responds that "At this time, Microsoft is only aware of limited and targeted attacks that attempt to use this vulnerability." In other words, yes.

Security Advisory 969136 describes the new problem as one that can allow remote code execution if the file recipient opens an infected file. The Microsoft Security Research & Defense blog is rather more useful (not to mention straightforward -- yes, they're seeing it out in the wild, used in targeted attacks), recommending several defensive maneuvers while we await a patch. Those include using PowerPoint's newer version of XML, temporarily disabling the binary file format if your organization's using PPTX, and forcing legacy PowerPoint files to open in MOICE. Bloggers Bruce Dang and Jonathan Ness note that this is the first time Office 2003 SP3 (fully patched) has been successfully attacked in the wild since its release in September 2007.

Continue reading →

McAfee said Wednesday that it was able to confirm an earlier reported zero-day flaw in Yahoo Messenger, which could put users at risk of a code-execution attack.

According to a post on the company's Avert Labs web log, the flaw can be exploited when the victim accepts an invite for a webcam chat. McAfee said that it had informed Yahoo of the issue, which was not available for comment.

Continue reading →

It took security engineers perhaps less than two hours yesterday to introduce Apple's surprise entry in the field of Windows browsers to the big, cruel world of exploits and vulnerabilities, following its introduction yesterday morning at WWDC. As a result, much of the clout Safari had received as the secure browsing alternative to Internet Explorer and Firefox -- as long as it was on a Macintosh -- was burned off like fire to a flash fuse.

Errata Security engineer David Maynor had a report posted on the first vulnerability he found by 1:48 pm, complete with screenshots of the pre-crash letdown dialog produced by his fuzzing tool. As he admitted, it wasn't a difficult crash to find, posting a screen shot of the memory dump revealing both a stack corruption and an access violation, and then giving credit to Thor Larholm for posting a complete report on the calamity not an hour later.

Continue reading →

Even if today's most prominent malicious software writers aren't particularly clever - waiting until security engineers discover another Windows problem then going after it with a "zero-day exploit" - engineers at McAfee's Avert Labs believe they may actually be learning about how to use timing to maximize their impact on the public.

The team is saying they believe malicious writers now tend to release their code on Microsoft's regular Patch Tuesday, in order to maximize its window of opportunity to exploit systems before the next month's Patch Tuesday rolls around.

Continue reading →

Microsoft on Tuesday released a bevy of patches, including three critical patches for the Microsoft Windows operating system, two for Office, and a critical patch for its antivirus and anti-malware software products.

Altogether, twelve patches were released, and the Redmond company finally addressed the issues within Microsoft Word and Office that were being exploited in zero-day attacks. Both Office patches dealt with code execution issues.

Continue reading →

A researcher has posted proof-of-concept code for a zero-day flaw within Mac OS X dealing with its handling of disk image (.dmg) files. The issue causes a memory corruption vulnerability that could allow attackers to execute arbitrary code.

The disclosure of the bug comes as part of a larger effort by an anonymous security researcher that posts to his blog using the initials "LMH." He plans to release one kernel bug every day during the month of November.

Continue reading →

Microsoft confirmed the existence Thursday of a vulnerability affecting the Windows Shell feature in Windows XP, 2000, and 2003. The issue exists in the WebViewFolderIcon ActiveX control, and successful exploitation could result in an attacker gaining the same user rights as a local user.

According the FrSIRT, the vulnerability was first discovered in mid-July, however exploit code did not surface until recently.

Continue reading →

A new zero-day exploit was disclosed over the weekend for an unpatched flaw in Microsoft's PowerPoint software, which could allow for an attacker to take complete control of an affected system and run arbitrary code.

Although details on the exploit are scant, it is known the malware that is distributing the exploit is a trojan horse.

Continue reading →

Symantec on Wednesday issued an advisory about a new trojan that takes advantage of an undocumented vulnerability in PowerPoint to infect a victim's computer with a backdoor. The malware, dubbed Trojan.PPDropper.B, uses a malformed string to execute code and modify EXPLORER.EXE.

While Symantec only gives PPDropper.B a risk level of "Very Low," Sunbelt Software CEO Alex Eckelberry notes that the attack looks more intended for corporate espionage than causing widespread damage. The trojan is currently being spread via e-mail, with a subject containing Chinese characters.

Continue reading →