0-day Archives -


CVE2012-1889: MSXML use-after-free vulnerability

As soon as Microsoft had released patches for security bulletin MS12-037 (which patched 13 vulnerabilities for Internet Explorer) Google published information (Microsoft XML vulnerability under active exploitation) about a new zero-day vulnerability (CVE-2012-1889) in Microsoft XML Core Services. Sometimes vulnerabilities are discovered at a rate that outpaces the patching process and so a temporary fix

Infosecurity Conference APTitude Adjustment

If you're interested in the "APT: Real Threat or Just Hype" keynote session I took part in during the recent Infosecurity Virtual Conference, you can now hear and see the presentations and Q&A  (and the other panel sessions from the conference). Register here. Here are the details for that keynote session, chaired by Steve Gold,

Stuxnet and the DHS

In fact, the real interest of the document lies in the extensive overview (12 closely-typed pages without graphics and such) of the DHS view of its own cybersecurity mission.

Phishphloods: Not all Phishing is Spear-Phishing

You don't need more advice from me on avoiding phishing following the Epsilon fiasco: Randy, among others has posted plenty of sound advice, and I put some links to relevant articles here, though I don't know of anyone who's published a list of the whole 2,500 or so companies that are apparently Epsilon's customers, though comment threads

The Stuxnet Train Rolls On…

… albeit more slowly than previously. Added to the resources page at http://blog.eset.com/2011/01/23/stuxnet-information-and-resources-3 today: A nice article by Mark Russinovich on Analyzing a Stuxnet Infection with the Sysinternals Tools, Part 1. Though I don't think Stuxnet is universally acknowledged as the most sophisticated malware ever. See, for instance, http://gcn.com/articles/2011/01/18/black-hat-stuxnet-not-superworm.aspx. (Hat tip to Security Garden for the pointer.)

Win32/Stuxnet Signed Binaries

On July 17th, ESET identified a new malicious file related to the Win32/Stuxnet worm. This new driver is a significant discovery because the file was signed with a certificate from a company called "JMicron Technology Corp".  This is different from the previous drivers which were signed with the certificate from Realtek Semiconductor Corp.  It is

R.I.P. IE 6

R.I.P. IE6 Targeted and sophisticated attacks against Google, Adobe, and Juniper used an unpatched vulnerability in Internet Explorer to breach computers. These incidents are receiving a lot of attention from the media much due to the size and notability of the companies affected. France, Germany and now Australia have issued guidelines and urged users to

SMB2 0-Day update

Microsoft’s advisory on the SMB driver issue is now available. As expected, it includes some comments on mitigation, but they’re rather fluffy. It advocates “Firewall best practices and standard default firewall configurations”, which “can help protect networks from attacks that originate outside the enterprise perimeter,”  and suggests exposing a “minimal number of ports”. Well, duh… I’d expect any firewall

SMB2 zero-day

Some traffic has crossed my radar concerning a 0-day exploit that apparently enables a remote attacker to crash a Vista or Windows 7 system with SMB enabled (and according to subsequent reports, Server 2008). The original post and exploit are claimed to demonstrate the possibility of a Blue Screen Of Death (BSOD) and (normally) an automatic reboot when

Top 25 Programming Errors

Not one of our Top X lists, this time, but one featured in an article on the SANS site. SANS have been banging the drum for safer coding for quite a while – in fact, they do quite a few courses on safe coding in various development contexts. Admittedly, that gives them a financial incentive to fly

Self-Protection Part 8

Don’t expect antivirus alone to protect you from everything. Use additional measures such as a personal firewall, antispam and anti-phishing toolbars, but be aware that there is a lot of fake security software out there. This means that you need to take care to invest in reputable security solutions, not malware which claims to fix

Internet Explorer Problems

It probably isn’t news to you that there’s been an issue with Internet Explorer and a recently-discovered vulnerability that exposes users of the application to a range of attacks. Certainly we’ve been getting lots of enquiries about our ability to detect it, and I suspect other vendors are getting the same barrage of questions. Of