By Joe Wilcox
February 5, 2007
Microsoft zero-day vulnerabilities are increasingly so commonplace, the
risk is lost with the message. On Feb. 2, Microsoft issued another
security alert, this one for Excel, that largely went unnoticed.
In its security bulletin, Microsoft warned that "other Office
applications are potentially vulnerable" to the zero-day flaw.
Zero-day refers to a flaw for which there is an exploit but no available
fix. The Excel vulnerability is Microsoft's fifth zero-day exploit since
December, and part of an increasingly troubling trend.
The zero-day flaw affects Office versions 2000, XP, 2003 and 2004 for
the Mac, but not 2007 or Works 2004, 2005 or 2006.
An attacker could exploit the flaw either by enticing a user to click on
a file hosted on a Web site or an attachment sent via e-mail. Either
exploit would require some end-user interaction.
The vulnerability poses the greatest risk to users running with
Administrator privileges. Successful exploit of the attack would grant
the attacker the same user rights as the user. Office running on Windows
Vista could be more hardened to the attack, as all userseven those
running as Administratorsoperate in standard mode.
Until a patch is released, Microsoft recommends that users avoid opening
attachments from "untrusted sources or that you receive unexpectedly
from trusted sources."
Security software developers are taking the ongoing zero-day flaw
problem seriously. On Feb. 6, at the RSA Conference in San Francisco, CA
will announce a host-based intrusion prevention system tool for
combating zero-day vulnerabilities.
Trend Micro also is bolstering features, particularly those that detect
"A lot of the zero-days are variants on existing code," said David
Finger, Trend Micro's global product marketing manager. "We're able to
use a lot of indicators to detect [malicious behavior]."
Zero-day flaws present unique problems for security software, in part
because of the way security signatures are developed and dispatched.
Time is another factor. The days are gone when security software
developers could respond with patches in a few days.
"Now, it's minutes," Finger said.
One response tactic is to harden software against blended attacks, which
the new Excel zero-day exploit is good example. Some of that hardening
occurs within the operating system, like Microsoft's User Account
Control feature in Windows Vista, Finger added.
For Trend Micro and some of its competitors, security software uses
heuristics and other techniques to assess virus-like behavior.
Microsoft is taking the zero-day threat more seriously than ever. Two
weeks ago it brought together security experts and botnet hunters to
Still, Microsoft's responsiveness to some zero-day exploits falls short
of the urgency. During January's release of security updates, Microsoft
pulled zero-day Word flaws at the eleventh hour. The company next
releases security patches on Feb. 23.
Microsoft's untimely response relates to compatibility testing. If a
patch breaks enterprise applications, the cure could cause more problems
than the zero-day threat.
Subscribe to the InfoSec News RSS Feed