Zero Day Exploits Appear

[Peaches]

10 December 2008, 10:33

Third Zero Day exploit appears [/b]

Microsoft has confirmed it is investigating another zero day exploit. This time, the vulnerability appears to affect the WordPad Text Converter for Word 97 files on Windows 2000 Service Pack 4, Windows XP Service Pack 2, Windows Server 2003 Service Pack 1, and Windows Server 2003 Service Pack 2. Microsoft says that Windows XP Service Pack 3, Vista and Server 2008 are unaffected as they do not contain the vulnerable code.

Microsoft says that the vulnerability requires a user to open an attachment or file which starts up WordPad. If Microsoft Word is installed on the system, then the vulnerability isn't exploitable, unless the file has a Windows Write (.wri) extension which would still start WordPad.

Microsoft has not yet announced how they will handle the issue and are keeping their options open saying "Upon completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through a service pack, our monthly security update release process, or an out-of-cycle security update, depending on customer needs". Microsoft says it is only aware of limited, targeted attacks and that the vulnerability has not been widely disseminated."

See Also

Vulnerability in WordPad Text Converter Could Allow Remote Code Execution, Microsoft Security Advisory (960906)

Heise Security: http://www.heise-online.co.uk/security/Thi...s--/news/112209

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

10 December 2008, 10:05

Two new zero-day exploits dent Microsoft's Patch Tuesday

"Microsoft's Patch Day delivered eight updates, but has been overshadowed by newly discovered zero day holes, which are apparently not closed by the new updates.

As promised by Microsoft, this Patch Tuesday updates include security patches for the GDI Windows system component, the media components, the Windows search feature, Internet Explorer, Word, Excel, Visual Basic 6.0, and the SharePoint and Search Servers. The Windows Malicious Software Removal Tool also received an update.

But earlier on in the day, SEC Consult security expert Bernhard Mueller reported a memory problem in Microsoft SQL Server 2000 he could exploit in his lab to inject and execute code in a system.

This was joined, later in the day, by an exploit connected to Internet Explorer 7's handling of XML which is being circulated on Chinese forums. According to the US PCWorld website, security expert Wayne Huang of Armorize Technologies reports that this hole is already being exploited. On a heise Security Windows XP test system, already updated to include the December patches, the zero-day exploit launched a program called ko[1].exe which immediately contacted a Chinese server and began to install rootkit components. The problem is, therefore, extremely critical and acutely threatens the users of Internet Explorer 7. As a temporary workaround, users can disable Active Scripting as described heise's Browsercheck."

Heise security for details: http://www.heise-online.co.uk/security/Two...y--/news/112206