| Excel 0day: old is new at Microsoft |
|
|
|
| Wednesday, 28 June 2006 | |||||
|
What we are seeing is something very interesting in the case of the recent Excel 0day exploits being released, and that is older code base still being used in current applications. While many new applications are being built with secure coding and follow-up auditing, old functionality is needed to be maintained to ensure compatibility with documents produced on older versions. Code recycling is causing what was thought to be secure to now become insecure. In the case of the latest round of Excel exploits it appears that by simply hinting at a possible flaw has caused people to look more deeply into the affected application. In December of 2005 there was a Ebay posting of an "Excel 0day" for auction that was quickly pulled by the online auction house. While we are not suggesting that the latest round of exploits used this flaw, we can postulate what is going on... Upon seeing the auction information, other security researchers and blackhats alike thought "hmm maybe I can find this flaw as well?". Indeed they have found flaws in Excel, but it does appear that they are not actually the same flaw that the original person had discovered and offered for sale and subsequently patched in the latest round of security fixes released by the software giant. Instead of doing a proper audit of the base code, all they did was apply some mitigation workaround to prevent the known flaws from being executed, and not verifying if other attack vectors may be possible. We think that this trend will continue at a steady pace as more and more fixes are released for current products. Further those application with a long code base history will still continue to be plague with flaws [ as was the case in the WMF exploit which leveraged a old piece of code left over from Windows 98 in the SetAbortProc function]. We belive that this trend will continue for sometime and shows no signs of slowing down. ...where did Microsoft go yesterday?
Powered by a Zone-H(ified) version of AkoComment 3.0! DISCLAIMER: Forum postings are the opinion of the posting author alone, and should not be taken as the opinion of Zone-h. The author is entirely and solely responsible for all content that he/she uploads, posts, or otherwise transmits via the website. Zone-h is not responsible for such content. However, Zone-h shall have the right, but not the obligation, to delete, move, or edit any content that violates this agreement or is otherwise objectionable as determined by Zone-h in its sole discretion and without notice. |
|||||
There has been much talk in the past weeks about several new 0day
vulnerabilities in Excel. This has raised many questions about
Microsoft's security and their role in fixing problems in their code
base, especially with Vista coming out soon.
| < Prev | Next > |
|---|
