[gui-talk] Article: Zero-Day Windows Shell Exploit Emerges

Steve Pattison srp at internode.on.net
Fri Sep 29 20:24:24 CDT 2006


This article is taken from the Beta News home page at 
www.betanews.com.  -Steve.

Zero-Day Windows Shell Exploit Emerges
By Ed Oswald,
BetaNews
September 29, 2006, 2:58 PM

Microsoft confirmed the existence Thursday of a vulnerability affecting
the Windows Shell feature in Windows XP, 2000, and 2003. The issue
exists in the WebViewFolderIcon ActiveX control, and successful
exploitation could result in an attacker gaining the same user rights
as a local user.

According to FrSIRT, the vulnerability was first discovered in
mid-July; however, exploit code did not surface until recently.

According to a security advisory, the vulnerability can be exploited 
through a specially crafted Web site that exploits the vulnerability. 
However, Microsoft said a user would have to be tricked into visiting
the site.

Microsoft says that it is aware that proof of concept code is publicly
available on the Internet, but knows of no attacks that attempted to
take advantage of the flaw. "We will continue to investigate these
public reports," it said.

Security firm Secunia has rated the issue as "extremely critical," and
confirmed the existence of the issue on a fully patched version of
Internet Explorer 6 and Windows XP SP2. It recommended users disable
the "WebViewFolderIcon" ActiveX control, which Microsoft did as well.

"We are working on a security update currently scheduled for an
October 10 release," Microsoft said.

The existence of so-called "zero-day exploits," or code that is
released on the same day or before the exploit itself is publicly
confirmed, on Microsoft products has increased with the advent of the
Patch Tuesday program.

Some security firms have coined the term "Zero Day Wednesday" to
describe the flood of exploits that seem to appear for critical
Microsoft issues the day after the patches repair the problem.

The number of zero-day exploits in existence highlights the need for
IT administrators to stay on top and apply all applicable Patch Tuesday
updates, security experts say.


Regards Steve
Email:  srp at internode.on.net
Skype:  steve1963
MSN Messenger:  internetuser383 at hotmail.com 

