Security Watch

IE Zero-Day Flaw Spoils Thanksgiving

Plus: Microsoft patches can result in black screens; when pandas attack.

• By Jabulani Leffall
• 11/30/2009

Before Black Friday and Cyber Monday, there was Zero Day. And with it came a new exploit in Internet Explorer for which Microsoft has issued a security advisory...all while many of the people it would affect most were on vacation.

Last week, a cursory investigation by Microsoft revealed a zero-day exploit that affects IE 6 SP1 on Windows 2000 SP 4, and IE 6 and 7 for XP and Windows Server 2003, Vista and Windows Server 2008. (IE 5.01 SP4 and IE 8 on all supported versions of Windows aren't affected.)

At the root of the flaw is the way that IE handles Cascading Style Sheet (CSS) objects, which are used to partition HTML code for Web page layouts. There are a few workarounds mentioned in the advisory -- upgrade IE browsers, disable JavaScript or enable security mode functions in later versions of IE.

But as the IT community braces for the last patch cycle of 2009, there is speculation whether an unpatched bug for the most common Web application in the world -- and for two of that application's more widely used versions -- will actually be fixed before Christmas.

"Internet Explorer versions 6 and 7 account for approximately 41 percent of Web browsers in use today, so this vulnerability will be an enticing one for attackers," said Michael Sutton, vice president of security research at Zscaler. "Attacks such as these are also prime candidates for targeting otherwise legitimate Web sites as an attack vector. The exploit can be triggered simply via HTML code, so attackers can inject code into Web sites with weak security protections."

Microsoft Patches Cause Black Screen
Meanwhile, as Windows enthusiasts await a patch for the IE zero-day bug, U.K.-based security firm Prevx is saying that last month's Microsoft patches aren't taking well to Windows 7, Vista, XP, NT, Windows 2000, Windows Server 2003 and Windows Server 2008, causing in some instances a black screen.

"In researching this issue, we have identified at least 10 different scenarios which will trigger the same black screen conditions," wrote Prevx's Dave Kennerley in a blog post last Friday.

Microsoft has yet to respond to these reports, and Prevx hasn't specified the number of users for which this issue could have lasting effects. And, of course, Prevx is offering a fix -- a free fix, sure, but still one available only from the company.

Pandas, Horses and Worms -- Oh, My!
Though pandas are usually only found in China, there's no word on whether they like to burn incense. But late last week, the Chinese government warned that a new version of the "Panda Burning Incense" virus, which in 2006 was responsible for infecting millions of that country's PCs, could be on the rise.

This Panda virus became famous for taking over computer programs and replacing users' Windows desktop icons with a panda bear holding three sticks of incense. Then, after the operating system got smoked, the worm would release password-stealing Trojan horses.

With Windows use up in China, the potential resurgence of pandas that are worms, burn incense and release horses is worrisome. These wild entities don't need an ark to cross an ocean -- just a vulnerable server or client-side click.

Also, consider that according to Chinese state media there were more than 338 million Internet users in the country by the end of June. That may not sound like a lot, especially from a country with a population that tops 1 billion, but 338 million is about 30 million more than the entire population of the United States. Oh my, indeed.