August 22nd, 2005

Releasing zero-day exploits to sell a product?

Posted by George Ou @ 10:22 am

Categories: Security

As companies are still picking up the pieces from the Zotob worm and its malicious siblings, a French information security company that sells early exploit warning services has released a zero-day exploit that attacks all versions of Microsoft Internet Explorer. The same company also released exploit code for the Windows PNP (Plug and Play) vulnerability less than 24 hours after Microsoft released a fix, which led to the birth of the Zotob worm 5 days later. Many companies running Windows 2000 were not prepared to patch their systems on such short notice, and they were hit the hardest. The release of this new exploit is even more alarming, since it affects all instances of Internet Explorer and Microsoft has not had a chance to release a patch.

Microsoft responded by issuing an emergency security advisory that offers some temporary workarounds for the issue. Since the instructions are a little confusing for the average user, I wrote this explanation and some scripts to automate the Microsoft workaround, and SANS wrote their own set of utilities for automating this temporary fix the same day. I would highly recommend that everyone apply the temporary workaround, since the exploit code is out in the wild.

Last month, when Cisco sued Michael Lynn for simply talking about a Cisco vulnerability that was supposedly already patched by Cisco, I defended Lynn because Cisco had plenty of fair warning and Lynn wasn’t releasing any actual exploit code. This case is the exact opposite: a company is releasing the actual exploit code without giving the software maker any time to issue a fix, and they’re doing it in a way that benefits their own business, which borders on a "protection" racket. Since the company is located in France, legal challenges are a bit tricky. It’s mind-boggling that this sort of thing is even allowed in a civilized world governed by the rule of law.

George Ou is Technical Director of ZDNet. See his full profile and disclosure of his industry affiliations.
