2010
01.19

Windows wide open ?

With recent attacks on Google/Adobe and Yahoo (just to name a few) thanks to the Aurora exploit. Internet Explorer is something to be avoided at the moment. Unless you’re running version 5.01, I would suggest switching to FireFox for the time being. As far as I know, Microsoft has not released a patch for this one. Let’s hope they do.

As far as I can tell, and with a little info from exploit-db, remote code execution is only functional under Windows XP running Internet Explorer 6. That doesn’t mean newer versions of Internet Explorer are not effected… we just don’t know about it yet. IE 7/8 will crash under Windows XP, and the DEP under Vista/7 should stop the crash in time.

So it’s a good idea to listen to Microsoft and enable DEP and everything else under the sun to protect your system(s)… Especially now there’s another exploit that basically guarantees privilege escalation.

The Ring-Zero exploit
Is the latest one, and let me tell you. I’ve tested this privilege escalation exploit on Windows XP sp2/xp3, Windows Server 2008 Enterprise and Windows 7. Dookie from exploit-db tested it on Windows Server 2003…
We all got System shell… Not scared yet? You should be. You can read more about it in the link I provided just above.

Does this mean Windows is wide open at the moment? Should we close down the Internet and our corporate networks? Well even if that would be a great solution, it’s impossible. There is one way to protect one’s self (or help reduce the risk/damage). DON’T RELY ON JUST A FIREWALL! Let your network administrators install snort. Let them monitor inbound as well as outbound traffic. Don’t close your eyes and say “there’s no reason to get hacked.. we’re a small company” (of course this is more for any managers reading this). Like to meet the guy that said Linux is less secure now…

So good luck this week, and lets hope Microsoft comes up with something soon. I need to scare the pants off my boss tomorrow. Need to work on a nice scenario to really convince him…

Again, good luck… All of you