John Dunn, Security editor
November 11, 05
Tuesday will be zero day. One day.
Trojan writers are taking on Microsoft's patching cycle.
Only two days after Microsoft issued a patch for a “critical” flaw
related to the graphics rendering engine in Windows, Trend Micro has
unearthed a Trojan out to exploit it.
As it happens, the Troj_emfsploit.A (Trend’s name) does nothing worse
than cause the core Windows explorer.exe shell to crash, which is
merciful. The vulnerability could, according to Microsoft, have resulted
in an attacker taking complete control of any Windows 2000, XP
(including SP2) and Windows Server 2003 PC.
Anti-virus vendors are a miserable bunch, forever frightening us with
yet another dreadful portent. Anyone would think they profited from such
fear.
This one is significant, however, and could make those folksy-sounding
patch Tuesday bug patches Microsoft has turned into a monthly event a
good deal more tense in future.
How long before a major software company of the ilk of Microsoft faces
issuing a patch for a vulnerability that has already been exploited?
This is the so-termed “zero day” issue and the speed at which Trojans
are being cranked out now suggests this will happen soon, if it hasn’t
happened already.
We could be about to enter a world of real-time patching, with periods
of vulnerability being measured in minutes rather than in days, as at
present. It is possible that the average enterprise with money to throw
at one of the legion of companies looking to provide real-time security
services will be able to cope.
Can such a service be automated? Doubtful. Patches need to be tested if
they relate to core elements of the operating system or the services it
provides. This is always going to involve someone, somewhere scratching
their head and making a sensitive judgment.
Nobody in the early days of software could have foreseen it, but code is
now evolving with a genetic fecundity not far short of a Drosophila fruit
fly. Security has done that to us.
--
http://www.euronet.nl/users/frankvw/...t/IhateMS.html