Vulnerabilities for March 2007
Vista Mail Bug
This article shouldn’t be a surprise. Microsoft’s predecessor to Outlook Express, called Vista Mail, might have one of its first exploits. A vulnerability in the way the mail client handles specially crafted links in e-mails could allow a remote user to run arbitrary code. Microsoft has said that they have not seen any attacks specifically taking advantage of the security hole and a resolution should be out on the next “Patch Tuesday.”
We’ll see what happens, but until then, if you are one of the Vista Mail pioneers, I’m going to recommend the same advice I always give in this situation. Don’t link out of your e-mails unless you’re absolutely sure the link and source are trustworthy. You may want to make sure that you are using a Limited User Account when checking your mail, so in case things do go bad, the attack is contained, due to your user’s lack of permissions.
Skype, the popular peer-to-peer telephony networking service, is experiencing a Trojan within their walls. Using the Skype instant messenger client, attackers are sending out messages with the subject line of “Check on this” and an attachment with the file name of file_01.exe. The attachment, if successfully executed, infects your system and immediately attempts to propagate by finding the user’s contacts and sending out several different and updated versions of itself to them. The virus payload on the local PC allows the attacker to execute arbitrary code, in essence turning your machine into their bot.
Skype doesn’t really hide the fact that their messenger service has been seeing this Trojan attack and infecting users in their community. In fact, representatives said that they have always tried to warn their users of the potential risks of blindly opening files from unsolicited users. A company representative also stated that Skype has been looking into a partnership or contract with a security company to help protect against these types of attacks, while using strategies such as link filtering.
Star Office Vulnerability
StarOffice, a popular suite from Sun Microsystems and very similar to MS Office, has a vulnerability that could allow a remote user to execute code on a user’s PC by using a specially crafted file. The StarCalc file, with the file extension of .sdc, would grant the hidden attacker the same rights as the local user. This, once again, could allow attackers to execute commands and code at their discretion, ultimately turning your system into a bot.
The vulnerability affects StarOffice versions six through eight and as of yet, there are no patches or fixes for the problem. But, do keep in mind that this was only discovered this past Monday. As of now, Sun Microsystems has not seen any exploits taking advantage of the security hole and they hope they can get things patched before something does come down the pike.
Although Sun hasn’t listed any available workarounds as of yet, I would recommend staying away from any .sdc files coming from outside sources, unless you are expecting one. I would also get used to running StarOffice with a Limited User Account, so if there is an infection, it is mitigated by your lack of rights.
In all actuality, I believe these three security holes (bug, vulnerabilities and the Trojan) are all pretty easily avoided by utilizing some common sense. Stay away from links and attachments from unknown sources or even unsuspecting, odd-looking e-mails with attachments from entities that appear to be one of your contacts. You may really want to run your system as a Limited User as well. This can really lessen the damage done if you happen to get infected. And last, but not least, update, update, update! They’re simple, but effective rules to remember and following them should help your system to stay secure.
I will keep you all posted on any and all updates that fix these exploits, so you won’t have to worry about them anymore. Until then, just try to help yourself by paying close attention to what you’re clicking on.
Until next week, stay safe out there!
~ Chad Stelnicki