Network News

X My Profile
View More Activity

Microsoft Warns of More "Zero-Day" Exploits

Microsoft Corp. is warning Windows users to be on guard against a couple of unpatched security holes in its products that criminal hacking groups are actively exploiting.

According to an advisory issued on Friday, Microsoft's implementation of XML contains a flaw that bad guys can use to compromise Windows machines just by getting them to visit certain Web sites with Internet Explorer. The other problem, covered by an advisory released last Tuesday, resides in Microsoft's Visual Studio 2005 and is similarly exploitable.

Microsoft has had a tough time this year with so-called "zero-day" (or 0day) attacks -- those in which the bad guys leverage a previously undocumented software security hole to compromise computers hooked up to the Internet. Last year, Microsoft had to deal with just four zero-day attacks. From January through October of 2006, the company has had to chase down no fewer than 14 such attacks by my count, with most surfacing just after Microsoft's regularly scheduled monthly software patch release. Now it looks like we can add two more to that number.

Last week, Security Fix wrote about the "Month of Kernel Bugs" project, which promises to present proof of a new, undocumented security hole for each day of November. Today's bug is one that was actually reported to Microsoft back in Oct. 2004, according to Cesar Cerrudo from Argeniss, the guy credited with discovering the vulnerability.

By Brian Krebs  |  November 6, 2006; 11:56 AM ET
Categories:  Latest Warnings  
Save & Share:  Send E-mail   Facebook   Twitter   Digg   Yahoo Buzz   StumbleUpon   Technorati   Google Buzz   Previous: 180Solutions/Zango to Pay $3M to Settle FTC Suit
Next: 'Supercerts' Aim to Highlight Legit Web Sites

No comments have been posted to this entry.

The comments to this entry are closed.

RSS Feed
Subscribe to The Post

© 2010 The Washington Post Company