December 5, 2006 4:11 PM PST

New site offers zero-day tracker

Related Stories

Microsoft plugs Windows worm holes

November 14, 2006

Another PowerPoint bug threatens

October 16, 2006

Zero-day attacks continue to hit Microsoft

September 27, 2006

Zero-day Wednesdays

July 24, 2006
eEye Digital Security has launched a Web site that tracks publicly released security bugs that don't have an official patch, also known as zero-day flaws.

The new eEye Zero-Day Tracker Web site on Tuesday listed seven zero-day vulnerabilities, six of which affect Microsoft software and one related to Adobe Systems' Acrobat. For each of the problems, eEye suggests steps people can take to protect against exploitation of the flaws.

"More zero-day security vulnerabilities and attacks are being discovered every day," Marc Maiffret, eEye's chief technology officer, said in a statement. "We've been overwhelmed by requests from our customers to give them the information and time they need to protect their networks."

Security monitoring companies Secunia and the French Security Incident Response Team, or FrSIRT, also track unpatched flaws. However, these companies don't offer a simple overview of all zero-days. Secunia lists them by product, for example.

There has been an apparent increase this year in the use of new, yet-to-be-patched flaws in targeted cyberattacks. Cybercrooks have found that they could take advantage of Microsoft's monthly patch cycle by timing new attacks right after the software maker releases its fixes.

Microsoft's patch day is on the second Tuesday of each month, and the company doesn't break its cycle unless an attack has a widespread impact. As a result, security experts have coined the term "Zero-day Wednesdays."

Flaws in Office applications especially seem to be favored by the bad guys. Microsoft and security companies have repeatedly had to issue warnings this year about new, small-scale attacks that exploit yet-to-be-plugged security holes in applications such as Word, PowerPoint and Excel.

See more CNET content tagged:
eEye Digital Security, security bug, flaw, attack, security

 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.