Author Topic: Exploit for "Zero-Day" Vulnerability Detected by Microsoft  (Read 36325 times)

0 Members and 1 Guest are viewing this topic.

Offline avatar2005

  • Avast Evangelist
  • Poster
  • ***
  • Posts: 423
  • In search of Harmony in our lives
Exploit for "Zero-Day" Vulnerability Detected by Microsoft
« on: April 02, 2007, 12:17:40 PM »
31.03.2007 New MS Windows Exploit see here: Microsoft Security Advisory (935423) and it still no fixed :(
« Last Edit: April 02, 2007, 12:20:12 PM by avatar2005 »
Let the God & The forces of Light will guiding you.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 85959
  • No support PMs thanks
Re: Exploit for "Zero-Day" Vulnerability Detected by Microsoft
« Reply #1 on: April 02, 2007, 02:39:17 PM »
There are new detections in the VPS for this vulnerability and it has been discussed in the forums previously. Check the VPS History and look for win32:ani- lots added in todays VPS update and many more a few days ago, 30/4, 31/4.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.9.2494 (build 21.9.6698.703) UI 1.0.672/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline avatar2005

  • Avast Evangelist
  • Poster
  • ***
  • Posts: 423
  • In search of Harmony in our lives
Re: Exploit for "Zero-Day" Vulnerability Detected by Microsoft
« Reply #2 on: April 02, 2007, 05:18:33 PM »
No, you missunderstood me :-\. I mean to say that Microsoft hasn't release a fix to that "hole"  ::)
Let the God & The forces of Light will guiding you.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 85959
  • No support PMs thanks
Re: Exploit for "Zero-Day" Vulnerability Detected by Microsoft
« Reply #3 on: April 02, 2007, 05:30:50 PM »
They are by all accounts going to release one tomorrow Wed 3rd April, avast general forum, >> Updates << topic.

Thankfully avast have been all over it like a rash with the VPS updates.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.9.2494 (build 21.9.6698.703) UI 1.0.672/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33374
  • malware fighter
Re: Exploit for "Zero-Day" Vulnerability Detected by Microsoft
« Reply #4 on: April 02, 2007, 06:03:01 PM »
Hi avatar2005 and DavidR,

Good that avast protects us from the first worm that uses the animated cursor leak in Windows. This worm spreads through e-mails and infected websites. So using Firefox browser until the hole is patched is recommended. Whenever you view the HTML the worm can be spread further, not only via the ANI-exploit, also through USB sticks and other media. The worm changes the settings of the Host file, and downloads a variant of the Trojan-PWS.Win32OnLineGames malware.
Microsoft was aware of this hole since December last. In severity the ANI-leak equals the WMF bug, so Internet Storm Center has yellow now.
ANI files date from the days of Windows 3.1. It is a bug in user32.dll, present in all 32bit Windows versions.
Actually it is a ridiculously simple bug, a stack-overflow in the second non-checked part of the ANI-header, more so while a similar stack overflow had been found in the first part of the ANI-header in 2005.
I think we are unaware of what holes lay dormant waiting for us to be discovered in the near future.

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 46295
  • 61 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: Exploit for "Zero-Day" Vulnerability Detected by Microsoft
« Reply #5 on: April 02, 2007, 07:13:31 PM »
Microsoft knew of Windows .ANI flaw since December 2006
http://blogs.zdnet.com/security/?p=143&tag=nl.e589
Free avast! Security Seminar: http://bit.ly/2N1eaR2  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v21H2 64bit, 16 Gig Ram, 1TB SSD, AvastOmni 21.6, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq

Offline cogadh

  • Jr. Member
  • **
  • Posts: 28
Re: Exploit for "Zero-Day" Vulnerability Detected by Microsoft
« Reply #6 on: April 02, 2007, 07:30:10 PM »
Microsoft knew of Windows .ANI flaw since December 2006
http://blogs.zdnet.com/security/?p=143&tag=nl.e589

Which is why will never use Internet Explorer again. Microsoft is notified of flaws and rather than address it immediately with at least some advice/warnings to their customers, they stay silent for four months before even mentioning it. I understand it can take time for them to come up with a permanent solution, but in the meantime users who don't know any better are infecting their machines daily. All Microsoft's silence does is perpetuate the proliferation of viruses around the world.
Cry 'Havoc' and let slip the dogs of War!

Offline drhayden1

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3233
  • Avast & Garfield-Best Protection
Re: Exploit for "Zero-Day" Vulnerability Detected by Microsoft
« Reply #7 on: April 02, 2007, 07:42:10 PM »
is this the one you are talking about ???
ANI Exploits - Microsoft releasing emergency patch on April 3rd

I'd suggest the following:

* Make sure anti-virus is on the latest definitions on servers and clients
* Avoid the eEye and ZERT patches in favor of the official patch
* Look at mitigating factors documented in the MS advisory
* Pilot test and roll the official patch out promptly
* All HTML code is now a little more dangerous and folks should be extra careful with email and website visitations.

ANI Exploits - Microsoft releasing emergency patch on April 3rd
http://www.microsoft.com/technet/security/...in/advance.mspx
http://isc.sans.org/diary.html?storyid=2555

Most of you probably won’t have to worry though, because most use either Opera or Firefox as their browser. This vulnerability only applies to Internet Explorer 6 or 7 on Windows 2000, XP, 2003, and Vista. However, if you’re using IE 7 on Vista and you have the User Account Control (UAC) enabled then you are also fine. When you have UAC enabled it will force IE 7 to run in “protected mode” which is helpful at preventing unwanted attacks such as this one.
« Last Edit: April 02, 2007, 07:54:52 PM by drhayden1 »
Gateway Laptop-AMD Phenom™ II Quad-Core Processor N830 (2.1GHz)-5000MB Dual-Channel DDR3 1066MHz Memory-ATI Radeon® HD 5650 Graphics with up to 1024MB of dedicated memory-500GB 5400RPM SATA hard drive-Windows® 8 Pro (64bit)-Windows Live Mail-Kaspersky Pure 3.0-WinPatrol Plus....

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33374
  • malware fighter
Re: Exploit for "Zero-Day" Vulnerability Detected by Microsoft
« Reply #8 on: April 02, 2007, 08:23:12 PM »
Hi drhayden1,

What I cannot understand is that this hole has been there since the days of Windows 3.1 (in computer terms that is Dino time), they had it in 2005 (other (first) part of the ANI-header), then warned for this one since 2006, and only when the cat is out of the basket they hurry for an emergency patch to be brought out.
The stack overflow was that simple you can take it from any hacker example textbook.

It is the same like you would steer a hum V built on a Volkwagen beetle frame and parts. Would not it rattle while the repair man running next to it to keep it patched? Who is living in cuckoo-land now?

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline avatar2005

  • Avast Evangelist
  • Poster
  • ***
  • Posts: 423
  • In search of Harmony in our lives
Re: Exploit for "Zero-Day" Vulnerability Detected by Microsoft
« Reply #9 on: April 02, 2007, 08:59:50 PM »
is this the one you are talking about ???
ANI Exploits - Microsoft releasing emergency patch on April 3rd

***Skip***

Most of you probably won’t have to worry though, because most use either Opera or Firefox as their browser. This vulnerability only applies to Internet Explorer 6 or 7 on Windows 2000, XP, 2003, and Vista. However, if you’re using IE 7 on Vista and you have the User Account Control (UAC) enabled then you are also fine. When you have UAC enabled it will force IE 7 to run in “protected mode” which is helpful at preventing unwanted attacks such as this one.

Well I don't have a Vista to use UAC, but I indeed use a Opera 9.1, so I think, I'm protected better than those who use IE. ::)  ???
Let the God & The forces of Light will guiding you.

Offline drhayden1

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3233
  • Avast & Garfield-Best Protection
Re: Exploit for "Zero-Day" Vulnerability Detected by Microsoft
« Reply #10 on: April 02, 2007, 09:15:39 PM »
same here use opera and also avant(ie clone)but won't use for the time being :o
and polonus why didn't they take care of this problem long ago but finally since the cat is out of the hat they are running around like crazy mice fixing the problem 8)
click on pic to enlarge ::)
« Last Edit: April 02, 2007, 09:17:35 PM by drhayden1 »
Gateway Laptop-AMD Phenom™ II Quad-Core Processor N830 (2.1GHz)-5000MB Dual-Channel DDR3 1066MHz Memory-ATI Radeon® HD 5650 Graphics with up to 1024MB of dedicated memory-500GB 5400RPM SATA hard drive-Windows® 8 Pro (64bit)-Windows Live Mail-Kaspersky Pure 3.0-WinPatrol Plus....

Offline Marc57

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1944
  • KISS Rules The World!!!
    • KISS Army
Re: Exploit for "Zero-Day" Vulnerability Detected by Microsoft
« Reply #11 on: April 02, 2007, 09:27:03 PM »
If you want to hear more about this, Steve Gibson has made a special edition of Security Now that talks about this.

http://www.twit.tv/SN
You Wanted the Best You Got the Best the Hottest Band in the World KISS!!!

Offline drhayden1

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3233
  • Avast & Garfield-Best Protection
Re: Exploit for "Zero-Day" Vulnerability Detected by Microsoft
« Reply #12 on: April 02, 2007, 09:32:16 PM »
thanks marc57
Depending upon your level of concern and/or exposure you could install the eEye patch now, or wait (one day) for Microsoft's official update. But be sure to look for this update on or after Tuesday, April 3rd.-sure will-but will get the official update to be on the safe side ::)
click to make kiss a-little bigger ;D
« Last Edit: April 02, 2007, 09:40:46 PM by drhayden1 »
Gateway Laptop-AMD Phenom™ II Quad-Core Processor N830 (2.1GHz)-5000MB Dual-Channel DDR3 1066MHz Memory-ATI Radeon® HD 5650 Graphics with up to 1024MB of dedicated memory-500GB 5400RPM SATA hard drive-Windows® 8 Pro (64bit)-Windows Live Mail-Kaspersky Pure 3.0-WinPatrol Plus....

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33374
  • malware fighter
Re: Exploit for "Zero-Day" Vulnerability Detected by Microsoft
« Reply #13 on: April 02, 2007, 09:39:33 PM »
Hi drhayden1,

What shall we say to the "mice". We read in the textbook that counter-measures can be taken against stack overflow vulnerabilities, that is using secure programming code. Well no code is free of errors, but all too often code is produced that is brought in to solve some urgent problem (as is demonstrated here again), security in that case is often not taken as a first priority. Vendors of code (Microsoft at all included) are sloppy with code, too many are aware their code is full of holes, but do not want to pay attention or try to solve problems later in the form of a patch. Secure compilers shouild be used; arguments should be validated whether they are user- or program-directed. This may slow programs down slightly, but security of the application is enhanced. Use secure routines and check the return codes. Minimalize the number of processes that run. And install all vendor patches.
We advice not to install third party patches. The eEye patch already being circumvented by the malcreants. But our mice can read text books as well I think,

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline drhayden1

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3233
  • Avast & Garfield-Best Protection
Re: Exploit for "Zero-Day" Vulnerability Detected by Microsoft
« Reply #14 on: April 02, 2007, 09:43:52 PM »
thanks for the advice and or warning my friend on the patch issue..will wait till microsoft and their mouse running around with their heads cut off release the patch for us we thought protected computers users can get ::) ??? 8)
end of story :o
Gateway Laptop-AMD Phenom™ II Quad-Core Processor N830 (2.1GHz)-5000MB Dual-Channel DDR3 1066MHz Memory-ATI Radeon® HD 5650 Graphics with up to 1024MB of dedicated memory-500GB 5400RPM SATA hard drive-Windows® 8 Pro (64bit)-Windows Live Mail-Kaspersky Pure 3.0-WinPatrol Plus....