Today’s Patch Tuesday marks two key events. First, for the first time Microsoft has been able to deliver a patch for a zero-day attack with a 33-day turnaround. Second, it shows how protocol handlers can be a popular source of vulnerabilities.
This zero-day vulnerability was discovered by Google’s Zurich-based researcher Tavis Ormandy and is found in the Windows Help and Support Center feature that is delivered with supported editions of Windows XP and Windows Server 2003.
For those technically inclined, you can read more about today’s Microsoft Patch Tuesday patches at the end of the message courtesy of Ryan Naraine here. But for those of you who want to quickly appreciate this vulnerability and get a feel for how serious this zero-day attack is, in the address bar of your Internet Explorer browser, type in this command:
You should find your browser prompting you to save a ‘file’ while, in effect, invoking the Windows Help and Support Center. In his posting, Tavis goes further and provides a script through which this exploit can be used to completely take over your Windows Server; you can read about it here.
This is yet another case for why network-based deep content malware inspection is required. BeSecure administrators can simply add a regular expression that blocks ‘hcp://’ invocations.
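As an added illustration (generic Python, not BeSecure's own configuration syntax or code from the original post), here is what such a content rule has to do in practice: decode HTML entities and percent-encoding before matching, so that encoded forms of the scheme are caught while ordinary text containing "hcp" is not. The function names and sample bodies are constructed for this example.

```python
import html
import re
from urllib.parse import unquote

# hcp:// as a URL scheme, any letter case. The lookbehind keeps the rule
# from firing on the tail of a longer scheme-like token (e.g. "xhcp://").
HCP_RE = re.compile(r"(?<![a-z0-9+.\-])hcp://", re.IGNORECASE)

def normalize(body, max_rounds=3):
    """Undo HTML-entity and percent-encoding, up to max_rounds times, so
    forms such as hcp&#58;// or hcp%3A%2F%2F become plain hcp://."""
    for _ in range(max_rounds):
        decoded = unquote(html.unescape(body))
        if decoded == body:
            break
        body = decoded
    return body

def find_hcp(body):
    """Return a short context snippet for every hcp:// reference found."""
    text = normalize(body)
    hits = []
    for m in HCP_RE.finditer(text):
        start = max(0, m.start() - 20)
        hits.append(text[start:m.end() + 20])
    return hits

def should_block(body):
    """True when the inspected content references the hcp:// handler."""
    return bool(find_hcp(body))

# Constructed sample response bodies (placeholder URLs only).
SAMPLES = {
    "plain": '<iframe src="hcp://placeholder/"></iframe>',
    "mixed_case": '<a href="HcP://placeholder/">help</a>',
    "entity": '<a href="hcp&#58;//placeholder/">help</a>',
    "percent": 'location = "hcp%3A%2F%2Fplaceholder/"',
    "benign_path": '<a href="https://example.com/hcp/index.html">docs</a>',
    "benign_word": "The chcp command changes the console code page.",
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(f"{name:12} block={should_block(body)}")
```

A static pattern only sees URLs present in the inspected bytes, so a rule like this complements installing the patch rather than replacing it.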