Zero-day in the wild, in a popular exploit kit.
From Brian Krebs:
The hackers who maintain Blackhole and Nuclear Pack – competing crimeware products that are made to be stitched into hacked sites and use browser flaws to foist malware — say they’ve added a brand new exploit that attacks a previously unknown and currently unpatched security hole in Java.
Earlier this morning @Kafeine alerted us about a new Java zeroday being exploited in the wild. With the files we were able to obtain we reproduced the exploit in a fully patched new installation of Java. As you can see below we tricked the malicious Java applet to execute the calc.exe in our lab.
To the best of your ability, disable Java in browsers and keep it that way. Otherwise you need alternate compensating controls. No idea if EMET helps with this, but that’s one place to start looking.
Posted at Thursday 10th January 2013 4:40 pm
(0) Comments •
While Microsoft releases patches for various vulnerabilities, including the two active zero day attacks, Firefox is being actively exploited.
Not that we plan to post every time some piece of software is exploited or patched, but this series seems to… bring some balance to the Force.
Posted at Tuesday 14th July 2009 7:09 pm
(1) Comments •
Microsoft released an advisory today that an unpatched vulnerability in the Office Web Components ActiveX control allows an attacker to run arbitrary code as the logged-in user. Worse yet, this is being actively exploited in the wild. Fortunately it is easy to protect against.
For the technical details, please see the SANS Internet Storm Center post, and the official Microsoft advisory.
Here’s the short version and how to protect yourself:
- This is a flaw in the spreadsheet ActiveX control that comes with Office. It only works if you visit a malicious link with Internet Explorer, and have a vulnerable version of Office installed (if you have Office, it’s safest to assume you are vulnerable).
- This does not affect Outlook, unless you click on an email link that opens Internet Explorer.
- It is actively being exploited by bad guys on the Internet, and Microsoft is working on a patch.
- If you switch to another browser, you are safe.
- If you still need to use IE, you can click on this link for a tool that will help disable the control. Don’t try this if you are on a work computer without talking to IT.
And that’s it – no reason to panic, with plenty of ways to protect yourself. You can now safely ignore all the scary emails you’ll be getting any moment from various security vendors…
(This is unrelated to the other ActiveX 0day that popped up last week and is also being actively exploited).
Posted at Monday 13th July 2009 7:08 pm
(0) Comments •