Tracking Zero-Day Vulnerabilities


Forwarded from: Security UPDATE 


St. Bernard's Very Best Offer on Web Filtering 

The Starter PKI Program 

Manage Vulnerabilities. Defend Against Threats. 

=== CONTENTS ==================================================
IN FOCUS: Tracking Zero-Day Vulnerabilities 

   - FastMP3Search Dubbed Baddest of the Bad
   - Websense Now Protects Citrix-based Virtual Applications
   - Microsoft Word Vulnerable to Remote Code Execution
   - Recent Security Vulnerabilities

   - Security Matters Blog: Zero-Day Tracker
   - FAQ: A PowerShell Command's Function
   - From the Forum: Seeking IDS Suggestions
   - Share Your Security Tips
   - IT Pro of the Month--November 2006 Winner

   - Improved Spam Filter for Postfix
   - Wanted: Your Reviews of Products 




=== SPONSOR: St. Bernard Software =============================
St. Bernard's Very Best Offer on Web Filtering
   Get the IDC-rated #1 Web filtering appliance and save with this 
great Holiday offer. For a limited time, get the iPrism Internet 
Filtering Appliance free with a 2-year subscription. Or, buy a 3-year 
subscription and get the appliance plus a fourth year of subscription 
free. iPrism is the easy-to-use filtering solution that stops Internet-
based threats. Get our best deal ever, get a Quick Quote now! 

=== IN FOCUS: Tracking Zero-Day Vulnerabilities ===============
by Mark Joseph Edwards, News Editor, mark at ntsecurity / net

Zero-day vulnerabilities (vulnerabilities that are published before the 
vendor has made a fix available) have been a part of computing since 
computers were invented. Publishing information about vulnerabilities 
too soon places the public at extreme risk, so you need to know about 
zero-day vulnerabilities as soon as possible. 

You can learn about new vulnerabilities through many channels. Mailing 
lists are the primary method for disclosing zero-day vulnerabilities, 
so you should subscribe to those lists that you think are important for 
your security work. Web sites are another source of information about 
zero-day vulnerabilities, and several track both vulnerabilities and 
associated exploit code. 

eEye Digital Security recently launched a new site called Zero-Day 
Tracker. Although the eEye Research Team doesn't always post zero-day 
vulnerabilities on day zero, you will find that new vulnerabilities do 
appear on the site within a few days of their publication. What I find 
most interesting about the site is that not only can you use it to 
learn about new vulnerabilities, but you can use it to mine data 
related to how vendors respond to zero-day vulnerabilities. 

The site tracks the date of publication of new zero-day vulnerabilities 
along with their perceived severity level, and eventually the date the 
vendor releases a patch. This data provides a clear view of how long 
the public is exposed to a given risk before the vendor provides some 
sort of official fix to correct the problem. 

For example, a quick glance at the site shows five high-risk 
vulnerabilities in Microsoft products for which there is no patch. As I 
write this, the newest of those is a Word vulnerability published a 
couple days ago, and the oldest is a problem with an ActiveX control in 
Visual Studio 2005 that has remained unpatched for 124 days. 

You can view similar data for vulnerabilities for which the vendor has 
released a patch. And the site doesn't confine itself to Microsoft 
vulnerabilities; it also lists other mainstream vendors that provide 
solutions for Windows platforms. So if you need to catch up on new 
vulnerabilities and exploits for Windows-related products, the site is 
a good place to visit. Consider bookmarking it. 

Speaking of zero-day vulnerabilities, Windows Vista, recently released 
to enterprises, has one, but it primarily affects Microsoft itself and 
not so much the users of Vista.

Microsoft publishes a key management service that lets enterprise users 
of Vista handle product activation without contacting Microsoft. With 
the key management service in place, Vista periodically contacts the 
service to keep the OS activated, and therein resides the 

Someone figured out how the key management service works, created a 
hacked version, and published it on the Internet as an easily loadable 
virtual machine (VM) image. So now people can download a copy of that 
VM, place it on their network, and effectively run pirated copies of 
Vista. This of course will cost Microsoft a lot of money in lost 
licensing fees. 

You might consider taking a look at the VM to figure out ways to detect 
it so that you can ensure that nobody runs a copy on your network. You 
can find a link to it on various Torrent tracker sites and standalone 
Web sites. To find related info, search the Internet for the string 

=== SPONSOR: Thawte ===========================================
The Starter PKI Program
   Securing multiple domains or host names? Learn how the Starter PKI 
program can save time and reduce costs, and provide you with a multiple 
digital certificate account. 

=== SECURITY NEWS AND FEATURES ================================
FastMP3Search Dubbed Baddest of the Bad
   undertakes an initiative to fight a plug-in that 
secretly disables Windows Firewall and downloads several other malware 

Websense Now Protects Citrix-based Virtual Applications
   Websense Enterprise and Websense Web Security Suite have been 
integrated with Citrix Presentation Server 3.0 and 4.0 to protect 
browsers, email clients, and other applications. 

Microsoft Word Vulnerable to Remote Code Execution
   A newly reported vulnerability in Microsoft Word could allow an 
intruder to launch remote code on an affected system. 

Recent Security Vulnerabilities
   If you subscribe to this newsletter, you also receive Security 
Alerts, which inform you about recently discovered security 
vulnerabilities. You can also find information about these 
discoveries at 

=== SPONSOR: Core Security ====================================
Manage Vulnerabilities. Defend Against Threats.
   Your IT and Security budgets are tight. This White Paper shows real-
world case studies demonstrating the ROI potential of automated 
penetration testing. 

=== GIVE AND TAKE =============================================
by Mark Joseph Edwards, 

eEye Digital Security has a new Zero-Day Tracker Web site. Now if it 
would only post information about zero-day vulnerabilities on day 

FAQ: A PowerShell Command's Function
by John Savill, 

Q: How can I determine what a Windows PowerShell command will do?

Find the answer at 

FROM THE FORUM: Seeking IDS Suggestions
   A forum participant is looking for both a host-based and network-
based intrusion detection system (IDS). Any recommendations or 
experiences to share? Offer your input at: 

Share Your Security Tips
   Share your security-related tips, comments, or problems and 
solutions in the Windows IT Security print newsletter's 
Reader to Reader column. Email your contributions to If we print your submission, you'll 
get $100. We edit submissions for style, grammar, and length.

IT PRO OF THE MONTH--November 2006 Winner
   Congratulations to Simon Zeltser, who was voted the November 2006 
"IT Pro of the Month." Adapting a solution he found in Windows 
Scripting Solutions, Simon developed what he calls a ProfileBackup 
solution, which executes in two phases: backup and restore. He was able 
to upgrade more than 1500 PCs remotely, saving the IT staff time and 
the company money. To learn more about Simon's solution and to find out 
how you can become the next IT Pro of the Month, please visit: 

=== PRODUCTS ==================================================
by Renee Munshi, 

Improved Spam Filter for Postfix
   Message Partners announces Message Processing Platform (MPP) 3.0, 
which introduces an integrated pre- and postqueue spam filter for 
Postfix, an open-source email server used by service providers and 
enterprises for their email-filtering proxies. MPP 3.0's new Postfix 
Policy Server adds the ability to make prequeue admission decisions for 
many types of email messages (including multirecipient and 
multidomain). In addition to the Postfix Policy Server functionality, 
MPP 3.0 can automatically replace message attachments with a link to 
the server (to save bandwidth) and includes several other features. For 
more information, go to 

WANTED: your reviews of products you've tested and used in 
production. Send your experiences and ratings of products to and get a Best Buy gift certificate. 

=== RESOURCES AND EVENTS ======================================
   For more security-related resources, visit 

No IT pro today works in a completely homogeneous environment, and with 
virtualization, your chances of dealing with multiple OSs are 
increasing. Attend TechX World--available online December 14--and find 
out about virtualization, OS interoperability, directory and security 
integration, and data interoperability. Register today for free! 

Sure, you know you've got compliance mechanisms in place. But do you 
have ways to easily and efficiently prove that your mechanisms are 
working? Join us for this free seminar to learn how you can demonstrate 
regulatory compliance for multiple regulations with fewer headaches. 
You'll also find out what "evidence" means to the auditor and make sure 
that you're collecting all the information you need! 

Maximize your investment in your VoIP network by using all of its 
capabilities. Learn to integrate Fax for IP to reduce TCO and increase 
ROI for your investment. On-Demand Web Seminar 

Discover a wealth of information about how to protect and secure your 
data in the event of a disaster. You may not be able to predict the 
exact details of a disaster, but you can be prepared with a solid 
response for when one strikes. Disaster can strike anywhere--not just 
where severe weather can hit--so make sure you're ready when it does. 
Download your free copy of this eBook today! 

Information is the "I" in "IT." Do you know where your information is? 
Is it protected? Backed up? Download this free podcast today to find 
out the top 5 reasons that you should be considering storage 

=== FEATURED WHITE PAPER ======================================
The average enterprise spends nearly $10 million annually on IT 
compliance. Download this free white paper today to streamline the 
compliance lifecycle, and dramatically reduce your company's costs! 

Bonus: Register for any white paper from Windows IT Pro during 
December, and you could win a Nintendo Wii! View the full list of white 
papers at -- 
and remember, the more you download, the better your chances of 

=== ANNOUNCEMENTS =============================================
Holiday Offer--Save $40 off Windows IT Pro   
   Don't miss Windows IT Pro magazine in 2007! As a subscriber, you'll 
have full access to must-have content covering Windows Vista 
deployment, virtualization and disaster recovery, Active Directory 
enhancements, Office 2007, SharePoint fundamentals, and much more. 
Order now and save $40: 

Make Your Mark on the IT Community!  
   Nominate yourself or a peer to become an "IT Pro of the Month." This 
is your chance to get the recognition you deserve! Winners will receive 
over $600 in IT resources and be featured in Windows IT Pro magazine 
and the TechNet Flash email newsletter. It's easy to enter--we're 
accepting January nominations now for a limited time! Submit your 
nomination today: 

Security UPDATE is brought to you by the Windows IT Pro Web site's 
Security page (first URL below) and the Windows IT Security newsletter 
(subscribe at the second URL below). 

Subscribe to Security UPDATE at 

Be sure to add 
to your antispam software's list of allowed senders.

To contact us: 
About Security UPDATE content -- 
About technical questions -- 
About your product news -- 
About your subscription -- 
About sponsoring Security UPDATE -- 

View the Windows IT Pro privacy policy at 

Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department

Copyright 2006, Penton Media, Inc. All rights reserved.
