MS08-078

M$ official advisory
M$ TechNet bulletin
McAfee Blog: more detailed technical information

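Put simply, this vulnerability lets a web page plant a trojan through IE7 and IE8 beta by way of an ActiveX control. Installing M$'s patch fixes it. The McAfee Blog post linked above is good and goes into more detail than the official write-up, so have a look if you are interested.
Go run Windows Update and get patched.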

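(Actually, the McAfee Blog RSS feed at the lower right reported this yesterday; I was just too lazy to dig through it >.<) If you want to play with this vulnerability further, search Google for the keyword AZN Trojan. Have fun la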

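Regarding the IE vulnerability discovered on December 9: McAfee was the first to report the attacks found in China, and the Avert Blog published an article the same day.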
http://www.avertlabs.com/research/blog/index.php/2008/12/09/yet-another-unpatched-drive-by-exploit-found-on-the-web/

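That same day, McAfee Network IPS could also protect against this vulnerability, and SiteAdvisor likewise picked up many websites distributing the malware and rated them as dangerous sites.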

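As of 12/11, according to the VirusTotal report, McAfee's anti-malware is still the only product that detects and blocks one piece of malware targeting this vulnerability.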


Microsoft has released their emergency out-of-cycle patch for the Internet Explorer 7 issue currently being exploited in the wild. Attached is the current Security Advisory for your use and distribution to your customers and partners. Some additional info for your use:

· McAfee Avert researchers were the first to notice exploitation of this vulnerability in the wild (in China).
· We analyzed the vulnerability and blogged it on the same day http://www.avertlabs.com/research/blog/index.php/2008/12/09/yet-another-unpatched-drive-by-exploit-found-on-the-web/ and notified our customers via an MTIS Security Advisory (hint – everyone needs to subscribe to these and the blog). Microsoft was also notified by McAfee about this threat.
· From the beginning our coverage for this threat has been solid across our product set. Screenshot of VirusTotal detection results from SEVERAL days ago WITH Artemis attached!
· McAfee NSP released signatures the same day to cover this issue; besides being the first NIPS vendor to provide detection for this specific issue, our generic signatures released on 6/28/2007 (530 days prior) also provided our customers with zero day protection against several exploits that we’ve analyzed so far.
· iDefense, in their alert, have credited us for finding this issue http://voices.washingtonpost.com/securityfix/iDefense_PressKit_ZerodayIE7_20081210.pdf I have also attached the pdf itself.
· SiteAdvisor had already flagged as red many of the sites that were hosting the malware.
· An AudioParasitic podcast episode is available on the subject here or through iTunes (hint – everyone needs to subscribe to this as well).


The McAfee Avert Labs Security Blog

The AudioParasitics Security Podcast (AudioParasitics, the official podcast of McAfee® Avert® Labs)
