Security Watch

Messing With Web Components

Hackers go after your browsing sessions. Plus: Conficker worm is gone, but not forgotten; unrest in Egypt worries Microsoft, Cisco.

This year in Windows security is already off to an inauspicious start. So far, Microsoft's Jonathan Ness has posted an explanation of at least five public security bugs Microsoft was tracking on its Security Research & Defense blog, none of which have been addressed with a patch.

And just this week came another Web components security advisory, this one affecting every supported Windows operating system. At issue is the way Microsoft's MIME-Hypertext Markup Language protocol handler can allow attackers to construct malicious links posing as trusted HTML documents. Specifically, Redmond said the new vulnerability could "allow an attacker to cause a victim to run malicious scripts when visiting various Web sites, resulting in information disclosure."

Vulnerabilities in Web components and Internet protocol code that hamper IE browsing sessions were a trend that emerged last year and are now an ongoing problem.

Andrew Storms of nCircle isn't alarmed about the new advisory itself, but he is alarmed at the number of IE-based or related vulnerabilities that are unpatched this early in the year.

"At first glance (the advisory) looks grim because it affects every supported Windows platform," he said. "However, even though the proof-of-concept code is public, carrying out an attack using this complicated cross-site scripting-like bug will not be easy."

Working Group: Conficker Stopped
You may remember the Conficker worm that wreaked havoc on Windows systems in 2008 and 2009. Conficker was so widespread that Microsoft joined a Conficker Working Group, a task force that included several peers and competitors such as Shadow Server, Cisco, Facebook, IBM and VeriSign.

The group is now calling its efforts a success. In a summary, the group said that its efforts to block domains before the Conficker author could reset the botnet, or before Conficker strains could replicate, proved successful "despite errors."

Peer-to-peer botnets, like Conficker, aren't going away, the group said, but the ability to stop the botnet from hiding in or deploying from new domains cut Conficker off at the pass.

Don't get too happy though. The report points out that more collaboration is needed.

"Defining success as the full annihilation of a security threat may not be feasible," the report concluded.

Microsoft, Cisco React to Egyptian Crisis
The ongoing unrest in Egypt, up until recently one of the Middle East's most westernized and stable societies, has Microsoft shifting its operations in the region out of the "Smart Village" in Cairo. Although it didn't specify what operations it was rerouting, it's clear that when a country cuts off its Internet access, the alternatives are decidedly low-tech and have potential to threaten ongoing operations and security.

In a written statement, a spokesman from Redmond said the software giant "is constantly assessing the impact of the unrest and Internet connection issues on our properties and services. What limited service the company as a whole provides to and through the region, mainly call-center service, has been largely distributed to other locations."

As the week began, Internet service remained spotty if not non-existent, prompting companies with operations in Cairo such as Microsoft, Ernst & Young, FedEx and Exxon Mobil to seek other operational resources, and even to shutter local offices.

Reports from Reuters say the Noor Group, a local telecom operator that has a relationship with Telecom Italia, is the only concern still up on the network and was allowed to stay up only so that Cairo's financial markets could continue trading.

It's unclear at this point whether such political turmoil will lead to an exodus of multinational companies to more stable locales. Even Cisco temporarily shut down its Cairo office.

On the home front, Microsoft employees such as Ashraf Elswify have joined in solidarity with Egyptian protesters. A rally at the Westlake Center in Seattle reportedly attracted hundreds who agreed with the grievances of demonstrators who are opposed to the policies of Egyptian President Hosni Mubarak.

About the Author

Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.

