News

XP, Vista Vulnerability Triggered by Safari Browser

Microsoft continued to investigate what it called public reports of a remote code execution threat for XP and Vista when Apple's Safari Web browser is installed.

Microsoft on Monday continued to investigate what it called public reports of a remote code execution threat for Windows XP and Vista when Apple's Safari Web browser is installed.

Over the weekend, Redmond issued security advisory 953818, which the company made clear was not a patch, but a guide to help potentially affected customers deal with the issue.

The desktop-based attack vector, known in the hacking community as a "carpet bomb," exposes a security hole that allows downloading of potentially malicious executables on a user or community desktop. These maladjusted executables come disguised as normal Windows executables.

Redmond was quick to point out that the blame rests on neither the operating system or browser, but on the interoperability of Windows and Safari.

"The [advisory] does not refer to vulnerability in either Safari or Windows themselves," wrote Tim Rains, security response communications lead for Microsoft, in an e-mail to Redmondmag.com. "Rather, it describes a blended threat in which files may be downloaded to a user's machine without prompting, allowing them to be executed."

According to Andrew Storms, director of security operations at nCircle Network Security Inc., the Safari bug Microsoft referred to in its weekend advisory is the same one uncovered in mid-May by independent security researcher Nitesh Dhanjani.

"It looks like Apple declined to treat that as a security issue." Storms said.

Meanwhile, researcher Aviv Raff said in his blog that an earlier vulnerability in several versions of Internet Explorer goes a long way in explaining the Windows side of the issue.

"I've decided to work with Microsoft on this issue," Raff wrote on May 31, "because this combined attack also exploits an old vulnerability in Internet Explorer that I've already reported to them a long, long time ago."

Microsoft's Rains added that the results from a combination of the default download location in Safari and the way Windows handles its application executables may trigger or exacerbate the potential vulnerability. However, he said, "Customers who have changed the default location where Safari downloads content to the local drive" on a workstation would not be affected by this issue.

Microsoft said it was keeping in close contact with the Apple security team as the investigation continues.

About the Author

Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.

Featured

  • How To Configure Windows 10 for Intel Optane Memory

    Intel's Optane memory technology can significantly improve the performance of your Windows 10 system -- provided you enable it correctly. A single mistake can render the system unbootable. Here's how to do it the right way.

  • Microsoft and SAP Enhance Partnership with Teams Integration

    Microsoft and SAP this week described continuing partnership efforts on Microsoft Azure, while also planning a Microsoft Teams integration with SAP's enterprise resource planning product and other solutions.

  • Blue Squares Graphic

    Microsoft Previews Azure IoT Edge for Linux on Windows

    Microsoft announced a preview of Azure IoT Edge for Linux on Windows, which lets organizations tap Linux virtual machine processes that also work with Windows- and Azure-based processes and services.

  • How To Automate Tasks in Azure SQL Database

    Knowing how to automate tasks in the cloud will make you a more productive DBA. Here are the key concepts to understand about cloud scripting and a rundown of the best tools for automating code in Azure.

comments powered by Disqus