Having recently ruffled Microsoft’s feathers by (responsibly) disclosing three unpatched vulnerabilities in Windows to the general public, Google’s Project Zero team has now turned its attention to the other side of the PC-Mac divide. The outfit recently spilled the beans on three zero-day vulnerabilities in Apple’s OS X operating system.
Google and Microsoft have different opinions on public disclosure policies
For the third time in a month, Google has gone ahead and disclosed all the gory details of a zero day vulnerability affecting Windows before Microsoft could get around to releasing a patch. It affects both Windows 7 and Windows 8.1 and has to do with how applications handle memory encryption to allow for data flow back and forth between processes running in the same logon session.
Microsoft has warned Internet Explorer users of a remote code execution vulnerability (CVE-2014-1776 ) that is present in versions 6 through 11. The company is aware of limited, targeted attacks aimed at exploiting the vulnerability, the Redmond outfit said in a security advisory issued on Saturday.
IE flaw could allow hackers to wreak havoc remotely
Be advised that if you're running Internet Explorer version 8 or 9, you could be a sitting duck for a remote code execution attack. Microsoft is aware of the zero day flaw and has issued an emergency Band-Aid as a temporary fix as it continues to investigate the issue. Applying Microsoft's "CVE-2013-3893 MSHTML Shim Workaround" prevents attackers from being able to exploit the security flaw until a permanent fix is rolled out.
A security researcher, known only by his nom de guerre “Cupidon-3005,” disclosed a new zero-day bug in Windows Server Message Block (SMB) on Monday. Opting for full disclosure, the security researcher posted exploit code for the vulnerability that, according to Secunia, can be exploited “to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.” Hit the jump for Microsoft’s statement acknowledging the flaw.
It's that time of the month again when Microsoft plugs some of the holes in its software. If the sheer number of vulnerabilities a Patch Tuesday addresses is the best way to gauge its significance, it does not get any bigger than this: MS is slated to release 14 security bulletins covering 34 vulnerabilities in Windows, Internet Explorer, Office and Silverlight.
But the record number of security bulletins will not include a fix for a recently revealed bug in the Windows kernel driver. The zero-day bug was reported by Gil Dabah (aka Arkon), an Israeli security researcher, who also published proof-of-concept exploit code on his site RageStorm.com. According to Jerry Bryant, Microsoft's group manager of response communications: "Microsoft is investigating reports of a possible vulnerability in Windows Kernel. Upon completion of the investigation, Microsoft will take appropriate actions to protect customers."
“This issue is caused by a buffer overflow error in the 'CreateDIBPalette()' function within the kernel-mode device driver 'Win32k.sys' when using the 'biClrUsed' member value of a 'BITMAPINFOHEADER' structure as a counter while retrieving Bitmap data from the clipboard, which could be exploited by malicious users to crash an affected system or potentially execute arbitrary code with kernel privileges,” reads an advisory issued by French security research firm VUPEN.
Microsoft has already addressed 13 Windows kernel bugs in 2010. According to security researcher Tavis Ormandy, who recently infuriated Redmond by hastily exposing a critical zero-day Windows bug, the company has been vulnerable to public kernel flaws for most of this year.
Internet Explorer users who have yet to upgrade to IE8 should take note. According to security firm Symantec, there's a pretty nasty Zero Day exploit that affects both IE6 and IE7.
"The exploit currently exhibits signs of poor reliability, but we expect that a fully-functional reliable exploit will be available in the near future," Symantec explained in a blog post. "When this happens, attackers will have the abilty to insert the exploit in websites infecting potential visitors."
It was reported that just a day after Microsoft squashed a dozen bugs in its software, there remained an unpatched bug in Windows 7 and Server 2008 R2 capable of locking up systems and forcing a complete shutdown in order to regain control. Turns out the report was true, as Microsoft Friday evening confirmed that the unpatched vulnerability does indeed exist.
"Microsoft is aware of public, detailed exploit code that would cause a system to stop functioning or become unreliable," Dave Forstrom, a spokesman for Microsoft security group, said in an email. "The company is not aware of attacks to exploit the reported vulnerability at this time."
In theory, the attacks could be targeted towards any browser. Should a user be tricked into visiting a malicious site, hackers could send out tainted URIs (uniform resource identifiers) and crash their PCs.
Microsoft didn't give a time frame on when it will patch the bug. In the meantime, users can stay protected by blocking TCP ports 139 and 445 at the firewall, although doing so would also disable browsers and a host of critical services, including network file-sharing and IT group policies, ComputerWorld reports.