Latest Patch Tuesday is zero day harvest

sjb007 · 04-16-2009, 01:45 AM

Microsoft's Patch Tuesday arrived with a nasty twist, as six of the 23 vulnerabilities spread among the eight patches are already being threatened by exploit code in the wild.

Experts say zero-day exploits exist for vulnerabilities addressed in MS09-009, MS09-010 and MS09-012. Only the MS09-012 patch is not rated as critical. All three patches contain the fixes to thwart the exploits. (Check the list of affected software by patch number).

Patches MS09-013 and MS09-014, both rated critical, address three vulnerabilities for which exploit tools are publicly available. Both protect against a credential reflection attack that has been a lingering problem.

And attack details are available for vulnerabilities fixed by MS09-015, which is rated moderate and affects Windows and Windows Server versions.

"That window where you had the luxury of not patching, that is shrinking fast," says Wolfgang Kandek, CTO of Qualys. "Here the window is zero for some of these vulnerabilities, and where the exploit code is public it will not take hackers long to get code out there."

Kandek says Qualys is seeing people getting more "professional" with their attacks. "It is not the hobbyists anymore, there are some real research teams spending resources on this, analysing code and putting out exploits."

His forecast is for the attacks to get worse and faster. He says hackers are creating code designed to avoid detection, as evidenced with Conficker.

"We see Conficker as the new standard," Kandek says. "As hacking becomes more professional these intrusions or exploits will become more silent, they will not call too much attention to themselves so they can steal identities, send out some spam or launch a [denail of service] attack." In Conficker's case, it also tricks the user into thinking their system is patched.

MS09-009 addresses vulnerabilities in Excel that were identified two months ago by Microsoft. MS09-010 addresses vulnerabilities in WordPad and Office Text Converters, and MS09-012 addresses issues in Windows.

http://www.techworld.com/news/index....&NewsID=114314

04-16-2009, 01:45 AM	#1 (permalink)
sjb007 Analyst, Security Team Join Date: Dec 2007 Location: Lincoln UK Posts: 2,258 OS: Windows 7 Premium x64 My System	Latest Patch Tuesday is zero day harvest Microsoft's Patch Tuesday arrived with a nasty twist, as six of the 23 vulnerabilities spread among the eight patches are already being threatened by exploit code in the wild. Experts say zero-day exploits exist for vulnerabilities addressed in MS09-009, MS09-010 and MS09-012. Only the MS09-012 patch is not rated as critical. All three patches contain the fixes to thwart the exploits. (Check the list of affected software by patch number). Patches MS09-013 and MS09-014, both rated critical, address three vulnerabilities for which exploit tools are publicly available. Both protect against a credential reflection attack that has been a lingering problem. And attack details are available for vulnerabilities fixed by MS09-015, which is rated moderate and affects Windows and Windows Server versions. "That window where you had the luxury of not patching, that is shrinking fast," says Wolfgang Kandek, CTO of Qualys. "Here the window is zero for some of these vulnerabilities, and where the exploit code is public it will not take hackers long to get code out there." Kandek says Qualys is seeing people getting more "professional" with their attacks. "It is not the hobbyists anymore, there are some real research teams spending resources on this, analysing code and putting out exploits." His forecast is for the attacks to get worse and faster. He says hackers are creating code designed to avoid detection, as evidenced with Conficker. "We see Conficker as the new standard," Kandek says. "As hacking becomes more professional these intrusions or exploits will become more silent, they will not call too much attention to themselves so they can steal identities, send out some spam or launch a [denail of service] attack." In Conficker's case, it also tricks the user into thinking their system is patched. MS09-009 addresses vulnerabilities in Excel that were identified two months ago by Microsoft. MS09-010 addresses vulnerabilities in WordPad and Office Text Converters, and MS09-012 addresses issues in Windows. http://www.techworld.com/news/index....&NewsID=114314 __________________ If we have helped you then please consider donating Proud Member of ASAP & UNITE Since 2007