
Category: Metasploit

November 12th, 2009

Microsoft bracing for malware attacks from embedded fonts

Posted by Ryan Naraine @ 11:16 am

Categories: Arbitrary Code Execution, Botnets, Browsers, Denial of Service (DoS), Exploit code, Metasploit, Microsoft, Passwords, Patch Watch, Responsible disclosure, Spam and Phishing, Spyware and Adware

Tags: Malware, Microsoft Internet Explorer, Microsoft Corp., Attack Vector, Font, Attack, Metasploit, Microsoft Windows, Security, Operating Systems

Heads up to all Microsoft Windows users: If you’re running Windows 2000, Windows XP or Windows Server 2003, stop what you’re doing and immediately download and apply the MS09-065 update released earlier this week.

Security researchers say it’s only a matter of time — days not weeks — before malicious hackers start exploiting one of the vulnerabilities via booby-trapped Web pages or Office (Word or PowerPoint) documents.


October 22nd, 2009

Metasploit + Rapid7 shakes up pen-test landscape

Posted by Ryan Naraine @ 10:21 am

Categories: Arbitrary Code Execution, Botnets, Browsers, Complex Attacks, Exploit code, Locally Running Web Servers, Malware, Metasploit, Microsoft, Patch Watch, Pen testing

Tags: Penetration Testing, Microsoft Corp., Exploit, R7, Immunity, Marketing Research, Marketing, Ryan Naraine

Guest Editorial by Nick Selby

With the acquisition of Metasploit (MS) by Rapid7 (R7), the dynamics within the small penetration testing market have changed. We believe that more competition will challenge each of the three main penetration testing software vendors in different ways, and that this new competitive landscape will quickly inure to the benefit of end users and buyers.

To radically simplify, the dynamics have been that Core Security sat at the top of the marketplace in terms of price, scale and enterprise usability, while Immunity Security cleaned up at the lower end of the enterprise market and dominated among vendors and professional-services types, who also used MS as a free tool.

October 16th, 2009

Microsoft exposes Firefox users to drive-by malware downloads

Posted by Ryan Naraine @ 9:24 am

Categories: Adobe, Anti Virus, Arbitrary Code Execution, Browsers, Complex Attacks, Data theft, Denial of Service (DoS), Exploit code, Firefox, Flash, Google, Google Chrome, Hackers, Malware, Metasploit, Microsoft, Mozilla, Open source, Passwords, Patch Watch, Pen testing

Tags: Google Inc., Mozilla Firefox, Vulnerability, Malware, Microsoft Internet Explorer, Microsoft Corp., Attack Vector, Web Browser, Google Chrome, Plug-in

Remember that Microsoft .NET Framework Assistant add-on that Microsoft sneaked into Firefox without explicit permission from end users?

Well, the code in that add-on has a serious code execution vulnerability that exposes Firefox users to the “browse and you’re owned” attacks that are typically used in drive-by malware downloads.

October 13th, 2009

Patch Tuesday: MS plugs critical IE, Windows Media Player holes

Posted by Ryan Naraine @ 10:43 am

Categories: Anti Virus, Arbitrary Code Execution, Botnets, Browsers, Complex Attacks, Data theft, Denial of Service (DoS), Exploit code, Hackers, Malware, Metasploit, Microsoft, Patch Watch, Pen testing

Tags: Microsoft Windows Media Player, Windows Media, Vulnerability, Microsoft Windows, Microsoft Internet Explorer, Microsoft Corp., FTP, Microsoft IIS Server, Media Player, Security

Microsoft today released its largest ever batch of Patch Tuesday updates to fix a whopping 34 security holes in a wide range of widely deployed software products.

The latest patch batch covers critical vulnerabilities in software products that are bundled with Microsoft’s dominant Windows operating system (Internet Explorer and Windows Media Player) — and several known security problems (SMB v2 and FTP in IIS) for which functioning exploit code has already been publicly released.

September 29th, 2009

Windows SMB2 exploit now public; Expect in-the-wild attacks soon

Posted by Ryan Naraine @ 3:09 am

Categories: Anti Virus, Arbitrary Code Execution, Botnets, Browsers, Complex Attacks, Data theft, Denial of Service (DoS), Malware, Metasploit, Microsoft, Passwords, Spam and Phishing, Spyware and Adware, Vulnerability research, Windows Vista

Tags: Vulnerability, Microsoft Windows Vista, Microsoft Corp., Exploit, Attack, Microsoft Windows, Operating Systems, Security, Software, Ryan Naraine

Fully functional exploit code for the (still unpatched) Windows SMB v2 vulnerability has been released to the public domain via the freely available Metasploit point-and-click attack tool, raising the likelihood for remote in-the-wild code execution attacks.


September 8th, 2009

Windows 7, Vista exposed to 'teardrop attack'

Posted by Ryan Naraine @ 1:26 pm

Categories: Arbitrary Code Execution, Botnets, Complex Attacks, Data theft, Denial of Service (DoS), Exploit code, Locally Running Web Servers, Metasploit, Microsoft, Responsible disclosure, Viruses and Worms, Vulnerability research, Web Applications, Windows Vista, Zero-day attacks

Tags: Microsoft Windows Vista, Small And Medium Business, Attack, NEGOTIATE PROTOCOL REQUEST, Metasploit, Microsoft Windows, Smb/Sme, Microsoft Windows 7, Microsoft Windows Vista (Longhorn), Operating Systems

[ UPDATE: Microsoft has now confirmed this vulnerability and warns of code execution risk ]

Exploit code for a remote reboot flaw in Microsoft’s implementation of the SMB2 protocol has been posted on the internet, exposing users of Windows 7 and Windows Vista to the teardrop attacks that used to be popular on Windows 3.1 and Windows 95.

The demo code, published on the Full Disclosure mailing list, allows an attacker to remotely crash any Windows 7 or Windows Vista machine with SMB enabled. No user action is required.


July 14th, 2009

Patch Day double-whammy: Oracle plugs 33 database holes

Posted by Ryan Naraine @ 2:39 pm

Categories: Anti Virus, Arbitrary Code Execution, Complex Attacks, Data theft, Exploit code, Locally Running Web Servers, Metasploit, Oracle, Passwords, Patch Watch, Responsible disclosure, Spam and Phishing, Sun Microsystems

Tags: Database, Oracle Corp., Critical Patch, Ryan Naraine

For businesses, today is a Patch Tuesday double-whammy.

Just hours after Microsoft shipped six bulletins to cover multiple flaws in Windows and Internet Explorer, Oracle is getting set to release its quarterly batch of Critical Patch Updates with fixes for at least 33 security vulnerabilities.


July 14th, 2009

Remote code execution exploit for Firefox 3.5 in the wild

Posted by Dancho Danchev @ 11:55 am

Categories: Arbitrary Code Execution, Botnets, Browsers, Exploit code, Firefox, Hackers, Malware, Metasploit, Mozilla, Patch Watch, Pen testing, Responsible disclosure, Zero-day attacks

Tags: Mozilla Firefox, Exploit, Web Browsers, Internet, Dancho Danchev

A zero-day exploit (Firefox 3.5 Heap Spray Vulnerability) affecting Mozilla’s latest Firefox release has been published in the wild. Through an error in the processing of JavaScript code in ‘font tags’, malicious attackers could achieve arbitrary code execution and install malware on the affected hosts.

There’s no indication of its use on a global scale just yet; however, because the PoC is now public, it shouldn’t take long before cybercriminals embed it within the diverse exploit sets of their web malware exploitation kits, allowing it to scale.

More details on the mitigation and the exploit itself:


June 24th, 2009

Remote code execution exploit for Green Dam in the wild

Posted by Dancho Danchev @ 7:52 am

Categories: Anti Virus, Arbitrary Code Execution, Botnets, Browsers, Exploit code, Governments, Hackers, Malware, Metasploit, Patch Watch, People's Republic of China, Vulnerability research, Zero-day attacks

Tags: Web, Flaw, Buffer, Web Site, Security, Viruses And Worms, Marketing, Internet, Dancho Danchev

Green Dam, the Chinese censorware recently exposed as vulnerable to trivial, remotely exploitable flaws, has silently patched the security flaws (China confirms security flaws in Green Dam, rushes to release a patch) outlined in the original analysis detailing the vulnerabilities.

However, not only is the latest version, Green Dam v3.17, still vulnerable to remotely exploitable flaws, but a working zero-day exploit (Exploit.GreenDam!IK; W32/GreenDam.A) has also been circulating in the wild for over a week now.

Here are more details on the remote code execution flaw in the latest version:


March 26th, 2009

Exploit code sends Mozilla scrambling to fix Firefox

Posted by Ryan Naraine @ 6:48 am

Categories: Arbitrary Code Execution, Botnets, Browsers, Complex Attacks, Data theft, Denial of Service (DoS), Exploit code, Firefox, Hackers, Malware, Metasploit, Mozilla, Open source, Passwords, Patch Watch, Research, Responsible disclosure, Vulnerability research, Zero-day attacks

Tags: Mozilla Firefox, Exploit Code, Mozilla Corp., Web Browsers, Security, Internet, Ryan Naraine

[ UPDATE: Mozilla has shipped a patch for this vulnerability ]

Mozilla’s security response team is scrambling to ready a patch for what appears to be a serious security flaw affecting its flagship Firefox browser.

The vulnerability, released alongside proof-of-concept code on several security sites, could lead to malicious code execution attacks if a Firefox user is lured to a Web site rigged with exploits. It affects all versions of the open-source browser, including the newest Firefox 3.0.7.


Ryan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal. Here is Ryan's full profile and disclosure of his industry affiliations.
