A day after Microsoft released 12 patches that fixed 21 vulnerabilities, including an exploit in Word, it appears that reports of a new vulnerability in Microsoft Excel are surfacing.
Here’s what we know: In order for this attack to be carried out, a user must first open a malicious Excel document that is sent as an email attachment or otherwise provided to them by an attacker. (Note that opening it directly from email will prompt you to be careful about opening the attachment.) So remember to be very careful when opening unsolicited attachments from both known and unknown sources.
There probably will not be a patch until the next Patch Tuesday, so be on the lookout for any malicious activity that may attempt to exploit this vulnerability.
The second largest patch Tuesday has arrived, with Microsoft issuing fixes for 8 critical security flaws, and a host of other non-criticals, in a number of their products. Today’s set of patches offered the greatest number since February 2005, and is the second largest overall.
Out of the eight critical fixes, 2 resolve Internet Explorer vulnerabilities, 1 is for Windows Media Player, 2 are for the Windows operating system itself, 1 is for Word and 1 is for PowerPoint. The Word patch resolves a major security issue regarding a highly publicized zero-day exploit, which has already been used in conjunction with a number of attacks. The vulnerability can be exploited after a user opens a specially crafted Word file with a malformed object pointer, allowing for code execution.
There is also a cumulative patch for Internet Explorer, which fixes five code execution vulnerabilities, a spoofing flaw, and an issue that could pose either an information disclosure or a spoofing risk. Modifications to the way that Internet Explorer handles ActiveX controls are also included in the IE cumulative update.
It is highly recommended that all organizations take the steps necessary to install these patches, especially considering the critical exploits that they resolve.
Exploit Prevention Labs, a company that I have never heard of prior to today, has just released SocketShield, an application that supposedly is capable of blocking zero-day exploits from penetrating a workstation.
SocketShield is the world’s first dedicated zero-day exploit blocker. Using a unique combination of research technologies, a deep understanding of anti-malware techniques, and skilled coding, the software is able to block exploits from entering your computer, regardless of how long it takes for the vendors of vulnerable applications to issue patches - or how long it takes for you to install those patches.
As the name implies, SocketShield works at the socket level. Sockets are the points of entry used by your computer to allow programs to be downloaded from the web and other sources; these sockets can be opened and closed to enable or prevent downloads. SocketShield uses the knowledge gained through its multiple research channels to determine whether any download is an exploit and to close any socket that a known or suspected exploit is attempting to use.
Certainly sounds like an intriguing tool that I am very interested in test-driving. A free trial is available, which I intend to download and install this week sometime. Look for an upcoming article that details the software and its capabilities.
A newly discovered Symantec AntiVirus worm hole puts millions at risk without any user interaction whatsoever.
“This is definitely wormable. Once exploited, you get a command shell that gives you complete access to the machine. You can remove, edit or destroy files at will,” said eEye Digital Security spokesperson Mike Puterbaugh.
Oddly enough, Symantec’s Personal Firewall was designed to protect against this vulnerability, which means that the company was somewhat aware of this issue. Look for a patch to be issued within the coming days.