Microsoft on Tuesday released four security updates to fix flaws in Windows XP, Windows 7, and Microsoft Office. Three of the security bulletins are rated critical and the fourth is rated important.
Of the zero-day vulnerabilities patched Tuesday, Symantec is only seeing one being exploited in the wild. In just the few weeks since the Help and Support Center issue came to light, three public exploits have surfaced -- all using different attack mechanisms, said Joshua Talbot, security intelligence manager for Symantec Security Response. Symantec saw attack activity increasing on June 21, but it has since leveled out.
"Microsoft didn't rate the Outlook SMB attachment vulnerability as critical, but we think it's likely to be exploited," Talbot warned. "It appears fairly simple for an attacker to figure out and create an exploit for, which could cause executable file e-mail attachments, such as malware, to slip past Outlook's list of unsafe file types. A user would still have to double-click on the attachment to open it, but if they do, the file would run without any warning."
Talbot offered a possible scenario that could involve a targeted attack against an organization. In this scenario, he explained, a user could get a socially engineered e-mail with a malicious attachment disguised as something innocuous. Once the user is convinced to click on the attachment, nothing would appear to happen. The user might delete the message and move on, assuming the file to be corrupted. In reality, he said, malware was secretly installed.
Mitigating E-Mail Attacks
As Oliver Lavery, director of security research and development for nCircle, sees it, July's patches are pretty mundane. The most interesting vulnerability for the enterprise is MS10-045, which lets an attacker use a specially crafted UNC path in an Outlook attachment to bypass Outlook's warning about opening potentially malicious attachments.
This is significant, Lavery said, because Operation Aurora and other high-profile e-mail attacks over the last year have been highly successful.
"The only startling advisory is MS10-044, which involves remote code execution via a Microsoft Access ActiveX control," Lavery added. "ActiveX vulnerabilities have been an ongoing problem for the last decade, and it's troubling that even though the technology is largely obsolete, we're still seeing an ongoing negative impact on security."
Windows 2000 End of Life
Lavery's colleague, Tyler Reguly, senior security engineer for nCircle, said the most interesting part of July's patch isn't an advisory -- it's Windows 2000's official end of life. Some Microsoft customers may continue to get updates via Microsoft's custom support agreement, he explained, but for most people, Tuesday was the end of the line.