
0day

Thursday, January 10, 2013

Java Sucks. Again.

By Rich

Zero-day in the wild, in a popular exploit kit.

From Brian Krebs:

The hackers who maintain Blackhole and Nuclear Pack – competing crimeware products that are made to be stitched into hacked sites and use browser flaws to foist malware — say they’ve added a brand new exploit that attacks a previously unknown and currently unpatched security hole in Java.

Alienvault confirms:

Earlier this morning @Kafeine alerted us about a new Java zeroday being exploited in the wild. With the files we were able to obtain we reproduced the exploit in a fully patched new installation of Java. As you can see below we tricked the malicious Java applet to execute the calc.exe in our lab.

To the best of your ability, disable Java in browsers and keep it that way. Otherwise you need alternate compensating controls. No idea if EMET helps with this, but that’s one place to start looking.

–Rich

Tuesday, July 14, 2009

Microsoft Patched; Firefox’s Turn

By Rich

While Microsoft releases patches for various vulnerabilities, including the two active zero-day attacks, Firefox is being actively exploited.

According to the Mozilla Security Blog, there is a flaw in how Firefox handles JavaScript. We suggest you follow the instructions in that post to mitigate the flaw until they release a patch (which should be soon).

Not that we plan to post every time some piece of software is exploited or patched, but this series seems to… bring some balance to the Force.

–Rich

Monday, July 13, 2009

Second Unpatched Microsoft Flaw Being Exploited

By Rich

Microsoft released an advisory today that an unpatched vulnerability in the Office Web Components ActiveX control allows an attacker to run arbitrary code as the logged-in user. Worse yet, this is being actively exploited in the wild. Fortunately, it is easy to protect against.

For the technical details, please see the SANS Internet Storm Center post, and the official Microsoft advisory.

Here’s the short version and how to protect yourself:

  1. This is a flaw in the spreadsheet ActiveX control that comes with Office. The exploit only works if you visit a malicious link with Internet Explorer and have a vulnerable version of Office installed (if you have Office, it’s safest to assume you are vulnerable).
  2. This does not affect Outlook, unless you click on an email link that opens Internet Explorer.
  3. It is actively being exploited by bad guys on the Internet, and Microsoft is working on a patch.
  4. If you switch to another browser, you are safe.
  5. If you still need to use IE, you can click on this link for a tool that will help disable the control. Don’t try this if you are on a work computer without talking to IT.

And that’s it – no reason to panic, with plenty of ways to protect yourself. You can now safely ignore all the scary emails you’ll be getting any moment from various security vendors…

(This is unrelated to the other ActiveX 0day that popped up last week and is also being actively exploited.)

–Rich