Emergency Microsoft Security Advisory (2887505) – Vulnerability in Internet Explorer Could Allow Remote Code Execution

M

icrosoft has released emergency advisory ‘Vulnerability in Internet Explorer Could Allow Remote Code Execution’ which is a zero day exploit that hackers exploited zero day vulnerability in IE versions 8 and 9 on Windows XP and Windows 7. This is after investigating public reports of the vulnerability. The vulnerability affects “all supported versions of its browser (IE6, IE7, IE8, IE9, IE10, and IE11).” ( Emil Protalinski, 2013).

Zero day vulnerabilities also known as zero day attacks are software holes or backdoors that are not known by the vendor, meaning that the attack occurs on ‘day zero of reaction of the exposure. The developers will have had zero days to address and patch the vulnerability.

The company has found that the flaw could potentially affect all supported versions, although it says that running “modern versions” of IE has the advantage of additional security features that can help prevent successful attacks. The flaw in question makes remote code execution possible if you browse to a website containing malicious content for your specific browser type (an attacker can either compromise a regularly frequented and trusted site or convince the user to click a link in another application). Continue reading Emergency Microsoft Security Advisory (2887505) – Vulnerability in Internet Explorer Could Allow Remote Code Execution

Advertisements

Software Critical Patches September 2013

If you are not the programing language interpreter or software inventor, then, you never know the flaws in the software; you are part of anarchy in the computer age. “The Internet is the first thing that humanity has built that humanity doesn’t understand, the largest experiment in anarchy that we have ever had.” Eric Schmidt, Chairman Google.

Being part of the anarchy, IT should develop strategies for patch management.  “Patch and vulnerability management is a security practice designed to proactively prevent the exploitation of IT vulnerabilities that exist within an organization. The expected result is to reduce the time and money spent dealing with vulnerabilities and exploitation of those vulnerabilities. Proactively managing vulnerabilities of systems will reduce or eliminate the potential for exploitation and involve considerably less time and effort than responding after exploitation has occurred. Patches are additional pieces of code developed to address problems (commonly called “bugs”) in software. Patches enable additional functionality or address security flaws within a program. Vulnerabilities are flaws that can be exploited by a malicious entity to gain greater access or privileges than it is authorized to have on a computer system. Not all vulnerabilities have related patches; thus, system administrators must not only be aware of applicable vulnerabilities and available patches, but also other methods of remediation (e.g., device or network configuration changes, employee training) that limit the exposure of systems to vulnerabilities.” (NIST Special Publication 800-40 Version 2.0, 2005, p. ES-1) Continue reading Software Critical Patches September 2013

SYSTEM AUDIT TRAIL AND LOGS

System logging is one of the basic security features incorporated in both hardware and software. They “allow administrators to review a record of all system activity. The ongoing record of system activity shows general trends in system usage and also violations of your system use policy.” Menuhin’s Pages (2013). The National Institute of Standards and Technology (NIST) (2013) claims that “Audit trails maintain a record of system activity both by system and application processes and by user activity of systems and applications. In conjunction with appropriate tools and procedures, audit trails can assist in detecting security violations, performance problems, and flaws in applications.” NIST (2013). NIST (2013) further expounds that “An audit trail is a series of records of computer events, about an operating system, an application, or user activities. A computer system may have several audit trails, each devoted to a particular type of activity. Auditing is a review and analysis of management, operational, and technical controls. Audit trails may be used as either a support for regular system operations or a kind of insurance policy or as both of these. As insurance, audit trails are maintained but are not used unless needed, such as after a system outage. As a support for operations, audit trails are used to help system administrators ensure that the system or resources have not been harmed by hackers, insiders, or technical problems.” Continue reading SYSTEM AUDIT TRAIL AND LOGS