<?xml version="1.0" encoding="UTF-8" ?>
<?xml-stylesheet type="text/xsl" href="http://msmvps.com/utility/FeedStylesheets/rss.xsl" media="screen"?><rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:slash="http://purl.org/rss/1.0/modules/slash/" xmlns:wfw="http://wellformedweb.org/CommentAPI/"><channel><title>The Edge : flaw</title><link>http://msmvps.com/blogs/tonybradley/archive/tags/flaw/default.aspx</link><description>Tags: flaw</description><dc:language>en</dc:language><generator>CommunityServer 2008.5 SP2 (Build: 40407.4157)</generator><item><title>One Third Of Corporate Applications Vulnerable</title><link>http://msmvps.com/blogs/tonybradley/archive/2007/05/20/one-third-of-corporate-applications-vulnerable.aspx</link><pubDate>Sun, 20 May 2007 21:52:00 GMT</pubDate><guid isPermaLink="false">d67277c4-116b-43f1-b688-e9ef184ea916:915510</guid><dc:creator>tonybradley</dc:creator><slash:comments>0</slash:comments><wfw:commentRss xmlns:wfw="http://wellformedweb.org/CommentAPI/">http://msmvps.com/blogs/tonybradley/rsscomments.aspx?PostID=915510</wfw:commentRss><comments>http://msmvps.com/blogs/tonybradley/archive/2007/05/20/one-third-of-corporate-applications-vulnerable.aspx#comments</comments><description>&lt;p&gt;According to&amp;nbsp;a report from Danish security vendor Secunia, as many as one third of the applications in use on corporate networks are vulnerable to critical attacks. According to this &lt;a class="" title="SC Magazine" href="http://www.scmagazine.com/us/news/article/658374/secunia-nearly-one-three-corporate-applications-missing-critical-patches/"&gt;SC Magazine&lt;/a&gt;&amp;nbsp;article, Secunia cites deficiencies in commonly used vulnerability scanners as the culprit. Their point of view is that most vulnerability scanners are only designed to scan for vulnerabilities in the top 20 to 50 applications in use. More obscure products are not scanned and may have unidentified critical vulnerabilities, exposing the network to compromise or exploit. 
From a risk analysis perspective though, the approach of the vulnerability scanner vendors seems sound enough. The reason that a vulnerability scanner vendor might not bother to scan for an obscure application used by only a fraction of a percentage of corporations is the same reason that it is unlikely that an attacker would exploit it. Attackers are often lazy and use automated tools to identify targets. They tend to seek out exploits that can be leveraged or used against a wide variety of targets. While a flaw in an obscure program might be critical to the fraction of a percent of the companies that use that program, it is relatively unlikely that the average attacker would ever identify or exploit the flaw. I am not advocating simply ignoring these flaws. I do think companies should be aware of the vulnerabilities that affect their network and that steps should be taken to remove or mitigate weaknesses. I am just pointing out that vulnerability scanning and patching efforts should be invested first and foremost in the threats most likely to be exploited, which probably do not include these more obscure applications unless it is a fluke or a highly targeted attack.&lt;/p&gt;</description><category domain="http://msmvps.com/blogs/tonybradley/archive/tags/internet/default.aspx">internet</category><category domain="http://msmvps.com/blogs/tonybradley/archive/tags/security/default.aspx">security</category><category domain="http://msmvps.com/blogs/tonybradley/archive/tags/flaw/default.aspx">flaw</category><category domain="http://msmvps.com/blogs/tonybradley/archive/tags/vulnerability/default.aspx">vulnerability</category><category domain="http://msmvps.com/blogs/tonybradley/archive/tags/patch/default.aspx">patch</category><category domain="http://msmvps.com/blogs/tonybradley/archive/tags/scanner/default.aspx">scanner</category><category 
domain="http://msmvps.com/blogs/tonybradley/archive/tags/Secunia/default.aspx">Secunia</category><category domain="http://msmvps.com/blogs/tonybradley/archive/tags/mitigation/default.aspx">mitigation</category></item><item><title>Vista Flaw Discovered</title><link>http://msmvps.com/blogs/tonybradley/archive/2007/01/03/vista-flaw-discovered.aspx</link><pubDate>Wed, 03 Jan 2007 17:27:00 GMT</pubDate><guid isPermaLink="false">d67277c4-116b-43f1-b688-e9ef184ea916:467172</guid><dc:creator>tonybradley</dc:creator><slash:comments>0</slash:comments><wfw:commentRss xmlns:wfw="http://wellformedweb.org/CommentAPI/">http://msmvps.com/blogs/tonybradley/rsscomments.aspx?PostID=467172</wfw:commentRss><comments>http://msmvps.com/blogs/tonybradley/archive/2007/01/03/vista-flaw-discovered.aspx#comments</comments><description>&lt;P&gt;Less than a month from its official release to corporate customers, a vulnerability was already discovered that affects Vista. According to Microsoft and others, the vulnerability can only be exploited if an attacker already has access to the system, meaning they would need to be physically sitting in front of the computer or have already compromised it through some other means that would provide remote access. &lt;/P&gt;
&lt;P&gt;According to F-Secure's Mikko Hypponen, "The bottom line is you couldn't use a vulnerability like this to write a worm or hack a Vista system remotely. It only has historical significance in that it's the first reported vulnerability that also affects Vista. It's a nonevent in other ways."&lt;/P&gt;
&lt;P&gt;The media of course jumps all over the news, stating repeatedly how this is reportedly Microsoft's most secure platform ever. I think most would agree that it is, in fact, the most secure yet. However, "most secure" and "impenetrable" have entirely different meanings. There will still be flaws. Hopefully there will be fewer and hopefully those that are found will not be the type that allow an attacker to gain complete control of vulnerable systems remotely or the type that are easily exploited via a worm or other malware code. But, I am sure that this will by no means be the last Vista vulnerability we hear about.&lt;/P&gt;</description><category domain="http://msmvps.com/blogs/tonybradley/archive/tags/internet/default.aspx">internet</category><category domain="http://msmvps.com/blogs/tonybradley/archive/tags/windows+vista/default.aspx">windows vista</category><category domain="http://msmvps.com/blogs/tonybradley/archive/tags/microsoft/default.aspx">microsoft</category><category domain="http://msmvps.com/blogs/tonybradley/archive/tags/security/default.aspx">security</category><category domain="http://msmvps.com/blogs/tonybradley/archive/tags/flaw/default.aspx">flaw</category><category domain="http://msmvps.com/blogs/tonybradley/archive/tags/vulnerability/default.aspx">vulnerability</category><category domain="http://msmvps.com/blogs/tonybradley/archive/tags/patch/default.aspx">patch</category><category domain="http://msmvps.com/blogs/tonybradley/archive/tags/hyponnen/default.aspx">hyponnen</category><category domain="http://msmvps.com/blogs/tonybradley/archive/tags/f-secure/default.aspx">f-secure</category><category domain="http://msmvps.com/blogs/tonybradley/archive/tags/worm/default.aspx">worm</category><category domain="http://msmvps.com/blogs/tonybradley/archive/tags/hack/default.aspx">hack</category></item><item><title>Unpatched 
Flaw In Microsoft Word Being Exploited</title><link>http://msmvps.com/blogs/tonybradley/archive/2006/09/06/Unpatched-Flaw-In-Microsoft-Word-Being-Exploited.aspx</link><pubDate>Wed, 06 Sep 2006 11:27:00 GMT</pubDate><guid isPermaLink="false">d67277c4-116b-43f1-b688-e9ef184ea916:115119</guid><dc:creator>tonybradley</dc:creator><slash:comments>0</slash:comments><wfw:commentRss xmlns:wfw="http://wellformedweb.org/CommentAPI/">http://msmvps.com/blogs/tonybradley/rsscomments.aspx?PostID=115119</wfw:commentRss><comments>http://msmvps.com/blogs/tonybradley/archive/2006/09/06/Unpatched-Flaw-In-Microsoft-Word-Being-Exploited.aspx#comments</comments><description>A flaw in the way Microsoft Word 2000 documents are processed could allow an attacker to execute malicious code remotely on vulnerable systems according to a Secunia alert. Exploit code has been identified in the wild and no patch is currently available, so Secunia has rated the Advisory as Extremely Critical and advises users not to open any untrusted Microsoft Office files. For more information, you can check out the details of the Advisory here: Secunia Advisories - September 5, 2006. 
</description><category domain="http://msmvps.com/blogs/tonybradley/archive/tags/internet/default.aspx">internet</category><category domain="http://msmvps.com/blogs/tonybradley/archive/tags/windows+xp/default.aspx">windows xp</category><category domain="http://msmvps.com/blogs/tonybradley/archive/tags/microsoft/default.aspx">microsoft</category><category domain="http://msmvps.com/blogs/tonybradley/archive/tags/security/default.aspx">security</category><category domain="http://msmvps.com/blogs/tonybradley/archive/tags/flaw/default.aspx">flaw</category><category domain="http://msmvps.com/blogs/tonybradley/archive/tags/vulnerability/default.aspx">vulnerability</category><category domain="http://msmvps.com/blogs/tonybradley/archive/tags/patch/default.aspx">patch</category><category domain="http://msmvps.com/blogs/tonybradley/archive/tags/web/default.aspx">web</category><category domain="http://msmvps.com/blogs/tonybradley/archive/tags/word/default.aspx">word</category></item><item><title>Microsoft Patches Vista Beta</title><link>http://msmvps.com/blogs/tonybradley/archive/2006/08/21/microsoft-patches-vista-beta.aspx</link><pubDate>Mon, 21 Aug 2006 17:43:00 GMT</pubDate><guid isPermaLink="false">d67277c4-116b-43f1-b688-e9ef184ea916:108543</guid><dc:creator>tonybradley</dc:creator><slash:comments>0</slash:comments><wfw:commentRss xmlns:wfw="http://wellformedweb.org/CommentAPI/">http://msmvps.com/blogs/tonybradley/rsscomments.aspx?PostID=108543</wfw:commentRss><comments>http://msmvps.com/blogs/tonybradley/archive/2006/08/21/microsoft-patches-vista-beta.aspx#comments</comments><description>&lt;P&gt;Microsoft continues to make security a priority and a primary development focus, but being a priority focus is not a guarantee of perfection.&lt;/P&gt;
&lt;P&gt;Windows Vista is still in Beta testing, but it was found that two of the patches released with the August Security Bulletins also affect Vista. &lt;/P&gt;
&lt;P&gt;Microsoft created patches specifically for Vista for the vulnerabilities addressed in Security Bulletin MS06-042 and MS06-051, which can be downloaded here: &lt;A href="http://support.microsoft.com/kb/921583/en-us"&gt;Available updates for Microsoft Windows Vista Beta 2&lt;/A&gt;&lt;/P&gt;</description><category domain="http://msmvps.com/blogs/tonybradley/archive/tags/windows+vista/default.aspx">windows vista</category><category domain="http://msmvps.com/blogs/tonybradley/archive/tags/microsoft/default.aspx">microsoft</category><category domain="http://msmvps.com/blogs/tonybradley/archive/tags/security/default.aspx">security</category><category domain="http://msmvps.com/blogs/tonybradley/archive/tags/flaw/default.aspx">flaw</category><category domain="http://msmvps.com/blogs/tonybradley/archive/tags/vulnerability/default.aspx">vulnerability</category><category domain="http://msmvps.com/blogs/tonybradley/archive/tags/patch/default.aspx">patch</category></item></channel></rss>