A zero-day flaw in the TLS and SSL protocols, which are commonly used to encrypt Web pages, has been made public.
Security researchers Marsh Ray and Steve Dispensa unveiled the TLS (Transport Layer Security) flaw on Wednesday, following the disclosure of separate, but similar, security findings. TLS and its predecessor, SSL (Secure Sockets Layer), are typically used by online retailers and banks to provide security for Web transactions.
Ray, who works with Dispensa at two-factor authentication company PhoneFactor, explained in a blog post this week that he had initially discovered the flaw in August and demonstrated a working exploit to Dispensa at the beginning of September.
Read more of "Zero-day flaw found in web encryption" at ZDNet UK.
Microsoft said on Tuesday that it is investigating reports of a zero-day vulnerability affecting Windows 7 and Vista.
The flaw in Windows 7 could allow an attack which would cause a critical system error, or "blue screen of death," according to researcher Laurent Gaffie.
Gaffie wrote in his blog that the flaw lies in a Server Message Block 2 (SMB2) driver.
"SRV2.SYS fails to handle malformed SMB headers for the NEGOTIATE PROTOCOL REQUEST functionality," wrote Gaffie in a blog post Monday.
Gaffie said he had contacted Microsoft. Comments on his blog by other users said that the flaw could lead not only to denial of service, but could also lead to remote code execution.
Microsoft said in a statement on Tuesday that it was investigating, but said it is "currently unaware of any attacks trying to use the claimed vulnerability or of customer impact."
Computer security publication "The H" wrote on Tuesday that its German sister publication had tested the proof-of-concept code, and that while the exploit had caused a reboot on Vista, the exploit had not worked on Windows 7.
Metasploit creator HD Moore said in a tweet on Tuesday that an SMB bug appeared to have been introduced into Vista SP1. Coder Josh Goebel said in a blog post that he had added the exploit code to Metasploit.
Tom Espiner of ZDNet UK reported from London. CNET News' Ina Fried contributed to this report.
There is a critical JavaScript vulnerability in the Firefox 3.5 Web browser, Mozilla has warned.
The zero-day flaw lies in Firefox 3.5's Just-in-time (JIT) JavaScript compiler. Proof-of-concept code to exploit the vulnerability has been posted online by a security research group, Mozilla said in a post on its security blog on Wednesday. Security company Secunia rated the vulnerability as "highly critical" on Wednesday.
The hole could allow a hacker to launch a "drive-by" attack, according to Mozilla. That means an attacker may be able to execute malicious code on a target machine, if the victim visits a Web site containing an exploit.
No patch is currently available, but Mozilla developers are working on a fix. A workaround suggested in the blog post is to disable the Firefox 3.5 JIT compiler. However, Mozilla warned this would result in decreased JavaScript performance in Firefox.
The JIT compiler is part of TraceMonkey, which was added to Firefox for its 3.5 update released at the end of June. TraceMonkey is meant to optimise the browser, which is faster than previous iterations of Firefox, according to Mozilla.
On Wednesday, the United States Computer Emergency Response Team said users and administrators should completely disable JavaScript functionality in Firefox 3.5.
The Sans Institute also said people could disable JavaScript, and suggested using NoScript, an open-source Firefox plug-in that only allows script to be executed by trusted Web sites.
Tom Espiner of ZDNet UK reported from London.
Hackers have launched attacks targeting an unpatched flaw in Microsoft PowerPoint, the company warned Thursday.
The vulnerability, which affects Microsoft Office 2000 SP3, 2002 SP3, and 2003 SP3, can be exploited by getting a person to open a PowerPoint file rigged for the attack. When the file is opened, PowerPoint will access an invalid object in memory. That then allows an attacker to remotely execute code on the system.
In a security advisory, Microsoft said that at present, attacks are not widespread but are tailored to affect specific victims.
"Microsoft is investigating new reports of a vulnerability in Microsoft Office PowerPoint that could allow remote code execution if a user opens a specially crafted PowerPoint file," said the advisory. "At this time, we are aware only of limited and targeted attacks that attempt to use this vulnerability."
While there is currently no fix for the PowerPoint flaw, Microsoft said that it may release one outside its monthly patching schedule. Workarounds suggested by the company include not opening files received from untrusted sources, using the Microsoft Office Isolated Conversion Environment (MOICE) to open untrusted files, and using Microsoft Office File Block policy to restrict the opening of Office 2003 and earlier documents.
Microsoft's last major PowerPoint patches were released in August.
Tom Espiner of ZDNet UK reported from London.
- prev
- 1
- next
