Zero Day Security Advisories: Caveat Emptor

Microsoft and Adobe have led the charge in 2011 in releasing security advisories warning of potential Zero Day vulnerabilities.

On “Patch Tuesday” Microsoft had an overwhelming 17 security bulletins (nine of which have been given Microsoft’s highest severity rating of “critical”), addressing 64 security vulnerabilities.

Internet Explorer at Risk of Zero Day Vulnerability

One of the vulnerabilities reportedly fixed will be the MHTML rendering flaw that was discovered earlier this year. Internet Explorer was one of the products found to be at risk from the zero-day vulnerability, which could allow maliciously crafted webpages to execute code in any “zone” regardless of which zone is specified.

Any application that uses Microsoft’s HTML renderer, including Internet Explorer, can be attacked. Applications that always open web content in the “Restricted zone”, including Outlook, Outlook Express, and Windows Mail, are not affected.

For individuals, or people who only manage a small number of computers, Microsoft has provided a “Fix it tool” that allows users to apply their recommended settings without having to use GPOs or having to manually edit registry keys.

Zero Day Security Flaw in Adobe Flash Player

Adobe Systems Inc. has also issued a security advisory notifying users of a serious Flash Player zero-day exploit that could be used by attackers to gain complete control of a system.

A critical vulnerability exists in Flash Player and earlier versions (Adobe Flash Player and earlier for Chrome users) for Windows, Macintosh, Linux and Solaris, Adobe Flash Player and earlier versions for Android, and the Authplay.dll component that ships with Adobe Reader and Acrobat X (10.0.2) and earlier 10.x and 9.x versions for Windows and Macintosh operating systems.

This vulnerability (CVE-2011-0611) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being exploited in the wild in targeted attacks via a Flash (.swf) file embedded in a Microsoft Word (.doc) file delivered as an email attachment, targeting the Windows platform.

At this time, Adobe is not aware of any attacks via PDF targeting Adobe Reader and Acrobat. Adobe Reader X Protected Mode mitigations would prevent an exploit of this kind from executing.
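For defenders triaging mail attachments, the delivery vector described above (a Flash file embedded in a Word document) can be flagged by scanning the raw document bytes for SWF headers. The following is an added example, not code from Adobe, Microsoft or the original article; the function names, the version bound and the sample document are assumptions constructed for illustration, and the scan goes beyond the article by covering both uncompressed (FWS) and zlib-compressed (CWS) Flash files.

```python
import struct
import zlib

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # OLE2 container header (.doc)
MAX_SWF_VERSION = 50  # assumption: sanity bound to cut false positives

def find_embedded_swf(blob: bytes):
    """Return sorted (offset, signature, version, declared_length) tuples
    for plausible SWF headers found anywhere in blob."""
    hits = []
    for sig in (b"FWS", b"CWS"):  # uncompressed / zlib-compressed SWF
        start = 0
        while (off := blob.find(sig, start)) != -1:
            start = off + 1
            header, body = blob[off:off + 8], blob[off + 8:]
            if len(header) < 8 or len(body) < 2:
                continue
            version = header[3]
            (length,) = struct.unpack("<I", header[4:8])
            if not 1 <= version <= MAX_SWF_VERSION or length < 8:
                continue
            if sig == b"FWS":
                # Declared length must fit in the bytes that remain.
                if length > len(blob) - off:
                    continue
            else:
                # Body must start a valid zlib stream.
                try:
                    zlib.decompressobj().decompress(body[:64])
                except zlib.error:
                    continue
            hits.append((off, sig.decode(), version, length))
    return sorted(hits)

def build_sample_doc() -> bytes:
    """Constructed sample: OLE2 magic, decoy text, one FWS and one CWS blob."""
    payload = b"\x00" * 32
    size = struct.pack("<I", 8 + len(payload))
    fws = b"FWS" + bytes([10]) + size + payload
    cws = b"CWS" + bytes([10]) + size + zlib.compress(payload)
    return OLE_MAGIC + b"see FWS notes and CWS report " + fws + b"\x00" * 16 + cws

if __name__ == "__main__":
    doc = build_sample_doc()
    print("OLE2 container:", doc.startswith(OLE_MAGIC))
    for hit in find_embedded_swf(doc):
        print("embedded SWF candidate:", hit)
```

A raw byte scan only sees Flash content stored verbatim in the file, so treat a hit as a reason to quarantine and inspect the attachment, not a clean result as proof of safety.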

It seems to be only a matter of time before we see criminals trying to exploit these flaws, so keep your systems up to date!