Are you Naked?  Exploits from the latest Microsoft Vulnerability seen in the wild

Which is worse, being seen naked running down the street or having a vulnerable computer leaving you exposed to attacks from drive-by downloads?   It is probably a matter of opinion (or local laws.)  Unfortunately, I think people are more concerned about being seen naked than whether they have a computer that is vulnerable.   Don’t get caught being exposed by having a vulnerable system!

  In my previous blog post, I talked about the way that malware is able to get onto your system.  Exploits from drive-by downloads take advantage of vulnerabilities in your browser, Active-X controls and other applications you run.  The second Tuesday of every month is “Patch Tuesday” sometimes known as  “Microsoft Tuesday” or “Black Tuesday.”  On Tuesday, September 9th, Microsoft announced another round of patches for 5 new critical vulnerabilities.    Well, it didn’t take very long as we are already seeing exploits in the wild from one of these vulnerabilities.  My colleague in our Symantec Security Response Team posted a technical blog entry covering the specific details if you are interested in finding out more on the Windows Media Encoder Buffer Overrun Vulnerability (BugTraq ID 31065).  Essentially what this means is that if you haven’t updated your operating system to patch against the vulnerabilities announced last week, your system could be compromised without doing anything unusual.  You visit one of your favorite websites and if it has been compromised, it could infect your system and install any malicious software.      

Other recent vulnerabilities that could leave you exposed include another round of recent Apple QuickTime vulnerabilities.  The majority of drive-by download attack toolkits target QuickTime since it is so prevalent on the everyday PCs.  Are you running QuickTime?  Since QuickTime is installed with iTunes for use with your iPod and iPhones - your system could be exposed as well.  You can find out more about the recent QuickTime vulnerabilities here (BugTraq ID 31212, BugTraq ID 31086)   These vulnerabilities do affect iTunes 8 and earlier and the Apple QuickTime players from 7.0 to 7.5.5.  Your QuickTime/iTunes should be set to automatically update, but if you are running a very old version it may not.

It only takes ONE vulnerable application or plug-in to possibly have your system compromised.   Luckily for current Norton customers, you were proactively protected the same day Microsoft vulnerabilities were announced – even if you hadn’t patched.  Symantec released proactive protection (called Generic Exploit Blocking signatures) to all customers and Browser Protection updates for our 2008 and 2009 customers to automatically protect against these underlying vulnerabilities.   This is also one of those protection capabilities that is unique to Symantec’s client protection.

Here are a few extra steps to protect yourself so you aren’t running around “naked”:

• Run Windows Update to make sure you have the latest patches updated from Microsoft (and all your other applications as well!)
• Run Apple Software Update or download the latest versions from Apple’s website to make sure you have the latest versions of iTunes and QuickTime.
• Run a top rated security suite known for having leading technologies to keep you ahead of today’s threats. Norton Internet 2008 and 2009 have Browser Protection technology built-in to protect against drive-by downloads and other Internet surprises — great incentive for current Norton users to update to the latest versions at no additional cost as part of their subscription!
• Keep a valid Symantec subscription to keep security updates coming

Keeping you covered,

John Harrison, aka “Dr. Drive-By”
Symantec Security Response