Showing results for tags 'Zero-Day'.
Reefa posted a topic in Security & Privacy News

UPDATE – Researchers at Websense said today they may have isolated two components within the VGX library that are being exploited by attackers targeting the latest Internet Explorer zero-day vulnerability.

By combing through millions of Windows crash reports sent via the Windows Error Reporting feature, researchers have discovered a spike in VGX.DLL crashes in two particular spots. Application crashes are indicators of exploit activity in some cases, and researchers believe that either one could be what is being exploited in the wild.

Researcher Alex Watson said more details on the vulnerable components could be available soon, and would fill in some gaps left open by advisories from Microsoft and FireEye that were scant in details about the exploits.

“We are searching those [two] and taking a deep look at our feeds to find other indicators of compromise,” Watson said.

Watson said researchers combed through six months of crash reports, close to 20 million in total, and found fewer than 40 crashes in IE 6 through IE 11 inside VGX; 13 of those happened in February, 9 in March and 12 this month.

Two stood out. The first affected IE 9 running on a Windows 7 machine, which is the same setup exploited in the attacks currently in the wild. Other matching crash reports indicate possible failed exploit activity in the U.S. between March 22 and mid-April, Websense said.

The second possible vulnerability affects IE 8, the researchers said. Two different versions of IE 8 running on Windows 7 indicate a buffer overflow vulnerability is present in VGX as early as Feb. 17, Websense said.

“It is somewhat unusual to see such a large percentage of application crashes being triggered via buffer overflow,” Watson said, calling it suspicious. “While it has not been reported that IE 8 has been targeted via CVE-2014-1776 in the wild, errors like this are consistent with exploits that corrupt and overwrite memory.”

The IE zero day set off alarm bells since it can be exploited all the way back to versions of IE compatible with Windows XP, which is no longer supported by Microsoft as of April 8. Microsoft issued an advisory and warned users that hackers were actively exploiting the use-after-free vulnerability in limited targeted attacks, although only in IE 9 through IE 11.

Researchers at FireEye also shared details on the exploit and said that it is used in conjunction with an Adobe Flash exploit to cause memory corruption and allow an attacker to run code remotely on the compromised computer. The vulnerability in IE is specific to the browser’s handling of the Vector Markup Language and vector graphics rendering.

Microsoft advised as a temporary mitigation that admins disable the VGX.DLL; the library is crucial for proper graphics rendering and is used by IE as well as Office applications.

“When we looked at this DLL, we found it is not used often and likely shouldn’t be used at all,” Watson said. “It’s a deprecated vector processing library.”

Watson said researchers were prompted by news of the active exploits and started searching crash reports for evidence of exploit activity in the VGX library. Starting in February, spikes in crashes in IE 8 and IE 9 began, in particular from targets in the U.S., U.K., and Brazil, including telecoms, financial services organizations and municipal governments, Websense said.

Websense researchers use application crash reports from computers running Windows XP, Vista, 7 and 8 sent through the Windows Error Reporting framework to investigate the possibility of advanced attacks against organizations. Exploits often cause applications to crash and these reports, also known as Dr. Watson reports, are sent in the clear to Microsoft so that bugs can be prioritized and addressed, as well as user experience issues. The reports are triggered not only by crashes, but also when applications fail to update or when hardware changes are detected on a network.

This article was updated at 4 p.m. with clarifications throughout.

Source
Reefa posted a topic in Security & Privacy News

It’s unusual to see a report come through on the weekend, but based on how quickly communication has been ramped-up, this one is serious enough to warrant some weekend work.

A new zero-day flaw is being reported that affects Internet Explorer versions 6 through 11, with IE9 through IE11 being actively targeted. When enacted, the vulnerability has the potential to take over the computer. Of course, as with the majority of vulnerabilities like this, it assumes the capabilities of the logged on user, which means if a user has administrative rights to the computer, the exploit will enjoy full control. I can’t reiterate enough that administrative rights for normal users is a no-no and cases like this should be enough to convince management to revoke administrative rights across the board.

Microsoft is working on a fix, however, it’s important to keep in mind that whatever patch comes available, it will not cover Windows XP. By all appearances, this is a serious flaw, and will be a first major test for unpatched Windows XP computers. The fix, once issued, will not be available publicly for Windows XP.

Here’s the applicable information about this new zero-day flaw:

Microsoft Security Advisory 2963983
More Details about Security Advisory 2963983 IE 0day
FireEye: New Zero-Day Exploit targeting Internet Explorer Versions 9 through 11 Identified in Targeted Attacks

The flaw uses a hole in Adobe Flash. For workarounds, Microsoft is promoting EMET with a specific configuration and also suggesting disabling VML in Internet Explorer and running IE in "Enhanced Protected Mode."

Source
ViRobot APT Shield 2.0 is the best PC security program to block attacks of vulnerabilities (include Zero-Day vulnerabilities and Drive-by download vulnerabilities) in applications and Windows OS (include Windows XP) in advance, and it is compatible with anti-malware programs. Especially, ViRobot APT Shield 2.0 will be the best choice for PCs which cannot be upgraded from Windows XP to a higher version of Windows.

Features

1. Response to variety attacks of application vulnerabilities. It blocks attacks that use vulnerabilities in advance for applications such as document programs (MS Office, Adobe Reader, ...), Web browsers (IE, Firefox, Chrome, ...), Media players, Messengers, Compression software, and etc.
2. Blocking vulnerabilities due to the end of Windows XP support. It prevents attacks that use vulnerabilities in advance for Windows which cannot be applied security patches.
3. Complementing in accordance with the limits of Signature-based anti-virus. By behavior-based technology, it blocks creation and execution of malicious code that exploits vulnerabilities, and it also doesn't need pattern update.
4. Blocking the acceleration of document leak for many unspecified targets. Recently, malicious code is using social engineering to exfiltrate important document from companies, but this product blocks it completely.
5. Handling systems which are difficult to update Windows security patches. It's a very light product, because it requires only minimal resources of Hardware. It's suitable for various environments which are difficult to update Windows security patches in enterprise.

Functions

1. Enhanced detection for malicious code
It can block Zero-Day attacks in advance.
It's not necessary to concern about False/Positive, because it detects abnormal behaviors of applications.
It's possible to detect malicious code in real time.

2. Flexible scalability and low costs
It's compatible with anti-malware products all around the world, it ensures flexible scalability.
It can save cost compared to network-based detection solutions. (No extra charge except license fee)

3. Management efficiency
It's possible to control security systems by connection with integrated log equipment (e.g. ESM).
Monitoring service is provided through installation of Web log server.

4. Usability
Pattern update is not required.
It's simple to install. (The installation takes less than 10 seconds.)
The portion of end users' direct control is minimized.
It uses minimum resource. (e.g. Memory usage: less than 10MB)

Screenshots

Blocking malicious code that exploits vulnerabilities in applications.
Document program - MS Office, Adobe Reader, Ichitaro, etc.
Web browser - IE, Firefox, Chrome, Safari, Opera, Java, Flash, ActiveX, etc.
Media player - Real player, QuickTime player, Winamp, etc.
Messenger - Skype, Yahoo, Google, etc.
Compression software - WinZip, WinRAR, 7-Zip, etc.

Homepage: http://www.aptshield.net/
Download link: http://www.aptshield.net/apt_individual_download.html

Requirements:
CPU: Intel Pentium III 500MHz or Above
RAM: 512 MB or Above
HDD: Free space more than 500 MB
OS: Windows XP / Windows Vista / Windows 7 / Windows 8 / Windows Server 2003 / Windows Server 2008 / Windows Server 2012 - x86 and x64.