Messing With Web Components -- Redmondmag.com

Messing With Web Components

Hackers go after your browsing sessions. Plus: Conficker worm is gone, but not forgotten; unrest in Egypt worries Microsoft, Cisco.

By Jabulani Leffall
01/31/2011

This year in Windows security is already off to an inauspicious start. So far, Microsoft's Jonathan Ness posted an explanation of at least five public security bugs Microsoft was tracking on its Security Research & Defense blog, none of which have been addressed with a patch.

And just this week, another Web components security advisory affecting every supported Windows operating systems. At issue is the way Microsoft's MIME-Hypertext Mark-up language protocol handler can allow attackers to construct malicious links posing as trusted HTML documents. Specifically, Redmond said the new vulnerability could "allow an attacker to cause a victim to run malicious scripts when visiting various Web sites, resulting in information disclosure."

Vulnerabilities in Web components and Internet protocol code that hamper IE browsing sessions was a trend that emerged last year and is now an ongoing problem.

Andrew Storms of nCircle isn't alarmed about the new advisory, but at the number of IE-based or related vulnerabilities that are unpatched this early in the year.

"At first glance (the advisory) looks grim because it affects every supported Windows platform," he said. "However, even though the proof-of-concept code is public, carrying out an attack using this complicated cross-site scripting-like bug will not be easy."

Working Group: Conficker Stopped
You may remember the Conficker worm that wreaked havoc on Windows systems in 2008 and 2009. Conficker was so widespread that Microsoft joined a Conficker Working Group, a task force that included several peers and competitors such as Shadow Server, Cisco, Facebook, IBM and VeriSign.

The group is now calling their efforts a success. The group said in a summary (.PDF here) that efforts by the working group to block domains before the Conficker author could reset the botnet or before Conficker strains could replicate were proved successful "despite errors."

Peer-to-peer botnets, like Conficker, aren't going away, the group said, but the ability to stop the botnet from hiding in or deploying from new domains cut Conficker off at the pass.

Don't get too happy though. The report points out that more collaboration is needed.

"Defining success as the full annihilation of a security threat may not be feasible," the report concluded.

Microsoft, Cisco React to Egyptian Crisis
The ongoing unrest in Egypt, up until recently one of the Middle East's most westernized and stable societies, has Microsoft shifting its operations in the region out of the "Smart Village" in Cairo. Although it didn't specify what operations it was rerouting, it's clear that when a country cuts off its Internet access, the alternatives are decidedly low-tech and have potential to threaten ongoing operations and security.

In a written statement, a spokesman from Redmond said the software giant "is constantly assessing the impact of the unrest and Internet connection issues on our properties and services. What limited service the company as a whole provides to and through the region, mainly call-center service, has been largely distributed to other locations."

As the week began, Internet service remained spotty if not non-existent, prompting companies with operations in Cairo such as Microsoft, Ernst & Young, FedEx and Exxon Mobil to seek other operational resources, and even shuttering local offices.

Reports from Reuters say the Noor Group, a local telecom operator that has a relationship with Telecom Italia, is the only concern still up on the network and was only allowed to do so that Cario's financial markets could continue trading.

It's unclear at this point whether such political turmoil will lead to an exodus of multinational companies to more stable locales. Even Cisco temporarily shut down its Cairo office.

On the home front, Microsoft employees such as Ashraf Elswify have joined in solidarity with Egyptian protesters. A rally at the Westlake Center in Seattle, reportedly attracted hundreds who agreed with the grievances of demonstrators who are opposed to the policies of Eqyptian President Hosni Mubarak.

About the Author

Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.

Featured

Microsoft Graph 'Activity Logs' Feature Goes Live

Microsoft announced the general availability of the "activity logs" capability in Microsoft Graph, giving administrators more options to track user activity and identify patterns of potential misuse.
Fallout from Microsoft's 'Midnight Blizzard' Saga Hits Feds

When the Russian attack group Midnight Blizzard successfully breached Microsoft corporate e-mail accounts late last year, it apparently managed to steal U.S. government agency e-mails, too.
PowerShell Script Used in Phishing Attack May Be AI-Generated

A PowerShell script being used in a novel malware campaign may have been created by AI, according to security researchers at Proofpoint.
Using Microsoft Office to Build a Network Diagram, Part 1

Keeping documentation is a great way to ease your future hardware refresh and have what you need for insurance purposes.
Microsoft Claims Breakthrough in Quantum Computing Reliability

A new paper details Microsoft's recent progress in quantum computing -- specifically, its development of a system that is both significantly less prone to errors and better at correcting them.