Security Advisor

New Microsoft Exploit Category Makes Its Way into Patch Tuesday

Plus: Symnatec sued for scaring up business, Stuxnet siblings ready to be unleashed.

Unlike the past few years, Microsoft kicked off the year with a large set of fixes -- seven, to be exact. While this batch is larger than Januarys have been use to, there's only one "critical" item in the group, which fixes a few issues in Windows Media that could allow a nogoodnik to pull off a remote code execution attack once an infected media file is open.

While there's nothing extraordinary with this type of exploit hitting Microsoft's Media software ($10 says there's another similar vulnerability patched in the next three months), what is noteworthy about Tuesday's security update is with the next item, an "important" update for Windows.

It stands out in the bunch due to it being labeled a "Security Feature Bypass" for its impact rating -- a first for Microsoft's patching career. What exactly does a "Security Feature Bypass" mean? It's exactly what it sounds like. It's when a hole has been discovered in the built-in security features of particular software to gain administrative access without permission.

In the case of this month's bulletin, the issue is found in a vulnerability in .NET's and C++'s SafeSEH tool. Once SafeSEH is bypassed, an attacker could load up a user's system with all the bad code it wants. That sounds pretty serious. However, Andrew Storms, director of security operations at nCircle believes there's nothing to fear from the strange and new vulnerability.

"This seems like it could be a cause for concern, but as of yet, there isn't any evidence that shows attackers are taking advantage of the loophole," said Storms.

However, you better get this patched. Now that the word is out, the exploitation of this hole may not stay dormant for long.

Symantec's Scary Business Model
According to a class action lawsuit filed today in California, Symantec might have been taking cues from the malware baddies it guards against to sell more products. Specifically, those that spread "scareware" viruses that alert users to computer problems that aren't there.

The lawsuit alleges that trial versions of PC Tools Registry Mechanic and PC Tools Performance Toolkit (both designed by a Symantec subsidiary) will alert users of issues with their machines, with the only way to remove them coming with a paid upgrade to the full version.

"By and through the deceptive scheme described above, Symantec has profited, and continues to profit, by defrauding consumers into believing that their computers are severely damaged, and/or at risk, and that purchase of its Scareware is necessary to 'fix' these problems," the written complaint states.

Along with the two products sold by Symantec, Norton Utilites is also thrown in the same lawsuit boat. The defendants are looking to have the cost of these products returned to all those that have purchased them.

Have you ever run into legitimate security software trying to scare you into upgrading? If the allegations are true, would this tarnish the Symantec brand for you? Let me know at [email protected].

And Here Come the Clones
Kaspersky Lab researchers have provided some bad news for the 2012 Trojan forecast. A team from the company has recently released information that asserts those responsible for the Stuxnet and Duqu worms are one in the same, and that these two variants are only a small part of a larger family of malware the culprits have at the ready.

"They are part of a well-oiled machine, or factory," said Roel Schouwenberg, senior Kaspersky researcher. "We have gone from calling them siblings to the realization that there is an underlying platform being used."

While the researchers have found clues to lead to the assumption that the same jerks are behind these worms, Kaspersky still has no idea of the location or identity of them. However, with the Stuxnet virus being used to destroy machinery used in the Iranian uranium enrichment program, it is believed the person or group behind it aren't particularly friendly with the country.



About the Author

Chris Paoli (@ChrisPaoli5) is the associate editor for Converge360.

comments powered by Disqus
Most   Popular