Thursday, February 22, 2007

Lowered ThreatLevel, New Word 0-day, and More Security Program Flaws

Just a quick note that eSoft has lowered the Threat Level back to normal levels after expected exploits for flaws disclosed on last week's patch Tuesday failed to materialize. If exploits appear, the Threat Level will be reraised.

In other news, Microsoft is warning of a new flaw in Microsoft Word that is being exploited in the wild on a limited, targeted basis. Few details are available at this time, but it leaves us wondering how long until this flaw will be fixed. Microsoft's recent track record at fixing flaws in Word that have exploits in the wild is very, very bad with the average response time being around 2 months.

Finally, we continue to be amused by the discovery of flaws in programs that are intended to enhance security. Trend Micro's ServerProtect web interface has a very easily exploited authorization bypass vulnerability. An attacker would only need to supply a cookie with a special name to get access to the web interface. We recommend you block external access to TCP port 14942, the default port for ServerProtect.

Of less consequence is a local privilege escalation in Cisco's Secure Services 4.x, Security Agent (CSA) 5.x, and Trust Agent 1.x/2.x. Secure services? Apparently not. Better go update.

[Note from the sponsor: eSoft's Intrusion Prevention Softpak protects users from the flaw in Trend Micro's ServerProtect product.]

No comments: