12.12.06


Keeping An 'eEye' On Zero-Day Exploits

By David Utter

Marc Maiffret's eEye security firm recently launched the Zero-Day Tracker, a website where the company will post and archive information on vulnerabilities hit by zero-day exploits.

When a patch emerges from a prominent software company like Microsoft or Oracle, the details of a new vulnerability can spur malicious people to try to exploit those issues before customers apply the patches.

"The increasing proliferation of zero-day vulnerabilities means the previous window of opportunity IT had to secure networks between the release of a software patch and an attack has been slammed shut," said Maiffret, eEye's founder and CTO.

Citing consumer demand, eEye launched the Zero-Day Tracker to meet the need for more information about the exploits that can plague a system administrator on a network of any size.

Maiffret indicated a point of difference between the Zero-Day Tracker and other vulnerability and exploit tracking services:

The eEye Research Team investigates vulnerabilities independently of other reports, separating "denial of service" vulnerabilities from those that are truly exploitable through exhaustive, expert research. An example of this can be found here.

eEye demonstrates that the vulnerability, originally reported as a "denial of service" flaw, is actually exploitable. By tracking the vulnerability in detail, eEye enables security professionals to implement mitigation strategies immediately.

Currently the site has seven active unpatched vulnerabilities listed, plus 17 more that have been patched and archived.

The most recent exploit listed affects Adobe Reader and Adobe Acrobat Standard and Professional versions.

An ActiveX issue with those products could permit remote execution of arbitrary code on a targeted Windows system.

Any malicious website could host the ActiveX payload and corrupt a machine, which would be a huge problem if the user has Administrator rights when the code hits.


About the Author:
David Utter is a business and technology writer for SecurityProNews, WebProNews, and InternetFinancialNews.

-- CTOUpdate is an iEntry, Inc. publication --