Author Topic: Exploit for "Zero-Day" Vulnerability Detected by Microsoft  (Read 42030 times)

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48524
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: Exploit for "Zero-Day" Vulnerability Detected by Microsoft
« Reply #60 on: April 09, 2007, 03:53:38 AM »
David
I can leave my doors and windows wide open and it's still a crime
to break into my house.... :)
Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v22H2 64bit, 16 Gig Ram, 1TB SSD, Avast Free 23.5.6066, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88900
  • No support PMs thanks
Re: Exploit for "Zero-Day" Vulnerability Detected by Microsoft
« Reply #61 on: April 09, 2007, 04:07:13 AM »
It might be a crime, but that doesn't mean your insurance company will pay out if you leave it unlocked, or that your premiums won't go up.

Yes, it may be a computer crime (local laws accepted) for someone to break into your computer; first they have to be caught, but they are only able to do it because of vulnerabilities that haven't been closed. Where is the same punishment/consequences for their lax security, as for you the home owner whose premiums go up because you were burgled?

Offline bob3160

Re: Exploit for "Zero-Day" Vulnerability Detected by Microsoft
« Reply #62 on: April 09, 2007, 04:11:57 AM »
I guess the world has turned upside down.
It's the homeowner's fault when he gets robbed and the poor crook
should get a medal for showing everyone how dishonest he is.

Offline FreewheelinFrank

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 4872
  • I'm a GNU
    • Don't Surf in the Nude!
Re: Exploit for "Zero-Day" Vulnerability Detected by Microsoft
« Reply #63 on: April 09, 2007, 08:21:35 AM »
The problem now affects several applications: the original Realtek control panel, the tax program Polonus mentioned:

http://sunbeltblog.blogspot.com/2007/04/ani-exploit-fixed-germany-gets-tax-free.html

and others:

Quote
This problem occurs when the following third-party applications are installed:
•   Realtek HD Audio Control Panel
•   ElsterFormular 2006/2007
•   TUGZip
•   CD-Tag

     Bambleweeny 57 sub-meson brain     Don't Surf in the Nude Blog

Offline DavidR

Re: Exploit for "Zero-Day" Vulnerability Detected by Microsoft
« Reply #64 on: April 09, 2007, 02:23:08 PM »
Quote from: bob3160
I guess the world has turned upside down.
It's the homeowner's fault when he gets robbed and the poor crook
should get a medal for showing everyone how dishonest he is.

That is not what I mean, it is not what I said and you know it, Bob; let's not forget you paid handsomely for Windows and there is an expectation that it is fit for purpose. There are security holes galore in the Windows OSes that are being exploited, and at times they are very slow to respond, with some vulnerabilities months or more old and unpatched.

In a consumer environment you have a right to expect a product works or you try to get your money back under the sale of goods protection; try doing that with MS if you have broken the shrink wrap. If you have a car and it has faults that cause it to crash you would claim against the company; try doing that with MS.

Consumers have a right to expect a product that they purchased is fit for purpose or have it fixed promptly.

Offline OrangeCrate

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 798
Re: Exploit for "Zero-Day" Vulnerability Detected by Microsoft
« Reply #65 on: April 09, 2007, 05:06:34 PM »
Quote from: DavidR
Quote from: bob3160
I guess the world has turned upside down.
It's the homeowner's fault when he gets robbed and the poor crook
should get a medal for showing everyone how dishonest he is.

That is not what I mean, it is not what I said and you know it, Bob; let's not forget you paid handsomely for Windows and there is an expectation that it is fit for purpose. There are security holes galore in the Windows OSes that are being exploited, and at times they are very slow to respond, with some vulnerabilities months or more old and unpatched.

In a consumer environment you have a right to expect a product works or you try to get your money back under the sale of goods protection; try doing that with MS if you have broken the shrink wrap. If you have a car and it has faults that cause it to crash you would claim against the company; try doing that with MS.

Consumers have a right to expect a product that they purchased is fit for purpose or have it fixed promptly.

This is one of the best testimonials for switching to Linux as a primary operating system, and a commitment to open source, community developed software that I've ever seen.

Tech, Justin, or myself would be delighted to answer any questions you might have in making the switch...

 ;D

Offline Marc57

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1944
  • KISS Rules The World!!!
    • KISS Army
Re: Exploit for "Zero-Day" Vulnerability Detected by Microsoft
« Reply #66 on: April 09, 2007, 09:35:28 PM »
Microsoft to push fix for patch trouble

Microsoft on Tuesday plans to push out a fix to repair problems caused by last week's emergency cursor flaw patch.


http://news.com.com/Microsoft+to+push+fix+for+patch+trouble/2100-1002_3-6174540.html?tag=html.alert
You Wanted the Best You Got the Best the Hottest Band in the World KISS!!!

Offline bob3160

Re: Exploit for "Zero-Day" Vulnerability Detected by Microsoft
« Reply #68 on: April 10, 2007, 03:15:47 PM »
Instead of pushing out news about the Vulnerability,
the push should be on making people aware that a patch has
already been issued.
Just update your system and you can put this breach behind you.  :)

Offline bob3160

Re: Exploit for "Zero-Day" Vulnerability Detected by Microsoft
« Reply #69 on: April 10, 2007, 09:11:25 PM »
Responsible disclosure, the Microsoft way
No credit for the researcher who discovered the ani vulnerability.  >:( :( >:(

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: Exploit for "Zero-Day" Vulnerability Detected by Microsoft
« Reply #70 on: April 10, 2007, 10:24:04 PM »
Hi bob3160,

But that is not the attitude of the researchers that make a full disclosure. They give the software developer 48 hours and then they open up with what they stumbled upon. In the case of the firebug gaping hole, pdp did not wait, and went public with it being aware the developer was away for Easter. You can read it here: http://www.gnucitizen.org/blog/firebug-goes-evil and my proposed simple protection near the bottom of the blog page. Anyways the firebug extension was immediately updated to a secure version, accolades to the developer there. Well that is why patches come that fast in public code. It works two ways. Those that find up holes and those that close them henceon work together to improve the code. They are waltzing towards security, not dancing constantly on the edge of a cliff..

How in contrast then with the security policy of the makers of the MS closed code. These herders of what is mainly "security through obscurity" have other interests seemingly, and try to keep the lid on vulnerabilities (hushing up on the one we discussed here for a couple of months, hoping it would not materialize??). That is why we haven't seen a complete overhaul of this "code built on code" with dinosaur insecure bits in it, dating back from the days of win 3.01. As long as no-one is rattling the skeleton-bones a bit, they are kept hanging there...until they come down eventually. You just cannot trust this code fully apparently. Well no-one can code absolutely securely, but then again it is about the attitude...

polonus

« Last Edit: April 10, 2007, 10:29:40 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline DavidR

Re: Exploit for "Zero-Day" Vulnerability Detected by Microsoft
« Reply #71 on: April 10, 2007, 11:34:01 PM »
Interesting piece relating to this zero day vulnerability, MS appear to have known about it since Dec 2006.

Quote from: Extract Windows Secrets newsletter.
Microsoft's patch didn't come in time

According to the Microsoft Security Response Center blog, Microsoft was first notified about this vulnerability on Dec. 20, 2006, by a Determina security researcher. Microsoft also says it was made aware that the attack was being used in the wild on Mar. 28 by McAfee. The blog entry goes on to say that Determina is not to blame for leaking the flaw and speculates that it must have been discovered independently.

Microsoft released an emergency patch on Apr. 3, meaning that this exploit was being actively circulated for almost a week, if not longer.

I'm not going to blame Microsoft today for not predicting the future. What do you do when you're aware that a zero-day attack is being used in the wild, but your vendor doesn't have a patch? Do you sit back and take it, or do you craft your own mitigation strategy?

Offline bob3160

Re: Exploit for "Zero-Day" Vulnerability Detected by Microsoft
« Reply #72 on: April 11, 2007, 01:03:35 AM »
Quote
but then again it is about the attitude...
Unfortunately, polonus, in this case it can only be described as "PISS POOR"  :(
and since no recognition was given to the researcher who found it, there may not be
any notification when the next exploit is discovered since Microsoft seems to only want to do patches
on their schedule or once they've been released.
This attitude may require "7 patch Tuesdays" each week or, "Linux here I come" in order to keep
the user safe.

Offline OrangeCrate

Re: Exploit for "Zero-Day" Vulnerability Detected by Microsoft
« Reply #73 on: April 11, 2007, 02:21:10 AM »
Quote from: bob3160
This attitude may require "7 patch Tuesdays" each week or, "Linux here I come" in order to keep
the user safe.

Since Windows is my guest operating system, and is used only occasionally, I've tried to remain neutral on this issue since it was first posted. Just quietly reading all the comments. Very interesting.

It's worth mentioning that one of my sons-in-law was a software engineer for Microsoft early in his career, before starting his own consulting practice. Amongst other things, his company maintains several large Microsoft enterprise systems, and they have a couple of Windows boxes that are used for testing and such, that I swear could accelerate from 0 to 60 in about three seconds!

But for personal use at home, he uses a Mac. (I think he knows something he's not telling us...)
« Last Edit: April 11, 2007, 03:33:01 AM by OrangeCrate »

Offline OrangeCrate

Re: Exploit for "Zero-Day" Vulnerability Detected by Microsoft
« Reply #74 on: April 11, 2007, 12:54:45 PM »
Detail on the patch is here:

"Five critical reasons to update Windows today..."

http://www.theregister.co.uk/2007/04/11/ms_april_patch_tuesday/