Recommended Product
Network Security Audit Software
Network Security Audit Software and Computer Security Tools
  Learn More
 
 
  Network Security Software
Network Bandwidth Monitor

Network Bandwidth Monitor
NBMonitor displays real-time details about your network connections & bandwidth usage.

   
Network Access Monitoring

Network Access Monitoring
ShareAlarmPro monitors network access to shared folders and resources.

   
Product Key Finder
Product Key Finder

Product Key Explorer retrieves over 800 software product keys from network computers.
   
Network Shares Monitoring

Network Share Watcher
Monitors network folders permissions and identify shares which are violating company data access policy.

 
 

Network Security News

Microsoft ActiveX Security Bugs 'Highly Critical'

December 23 2010

Researchers at Secunia are warning users about ActiveX bugs the firm described as 'highly critical.' Microsoft is unaware of any attacks targeting the issues.

Microsoft counted 106 security bulletins for 2010 when it released its final Patch Tuesday update for the year. But with 2010 now coming to a close, additional bugs are popping up – this time in an ActiveX control.

According to researchers at Secunia, "highly critical" vulnerabilities have been found impacting the Microsoft WMI Administrative Tools WMI Object Viewer ActiveX Control.

“Two vulnerabilities have been discovered in Microsoft WMI Administrative Tools, which can be exploited by malicious people to compromise a user's system,” reported Secunia. “The vulnerabilities are caused due to the "AddContextRef()" and "ReleaseContext()" methods in the WMI Object Viewer Control (WBEM.SingleViewCtrl.1) using a value passed in the "lCtxHandle" parameter as an object pointer.”

The vulnerabilities are confirmed in version 1.1 (WBEMSingleView.ocx 1.50.1131.0), though other versions may be affected as well, Secunia noted. A successful exploit would enable an attacker to execute arbitrary code, the firm warned.

Dave Forstrom, director of the Trustworthy Computing at Microsoft, said there have been no reports of attacks related to the issue, and the company is investigating the matter.

"Once we're done investigating, we will take appropriate actions to help protect customers," he told eWEEK.

Historically, ActiveX bugs have been big targets, noted Andrew Storms, director of security operations at nCircle.

“We haven't seen a good ActiveX scare in some time so time isn’t on our side, but it’s still too early to make a call on how things will shape up with this bug," Storms said.

Besides the ActiveX bugs, the company is also investigating a denial-of-service issue impacting IIS FTP 7.5, which ships with Windows 7 and Windows Server 2008 R2. Proof of concept exploit code has already been made public, according to Nazim Lala, IIS security program manager at Microsoft.

“First, this is a Denial of Service vulnerability and remote code execution is unlikely,” Lala blogged. “The vulnerability occurs when the FTP server attempts to encode Telnet IAC (Interpret As Command) character in the FTP response. The IAC character, which is represented as decimal 255 (Hex FF) in the response, needs to be encoded by the addition of another decimal 255 character in the FTP response where we find the presence of the IAC character.”

Due to an error in this processing, it is possible to get into a state where an attacker can overwrite part of the response with a string of 0xFFs past the end of the heap buffer, Lala explained. The end result is a heap buffer overrun.

“In that situation, the only data that a malicious client controls in this overrun is the number of bytes by which the buffer is overrun,” blogged Lala. “It cannot control the data that is overwritten...Also, the malicious client does not control the addresses where data is overridden, and the data is always overridden in a sequential manner. The FTP service 7.5 is also protected by Data Execution Prevention (DEP).”

“We’ll continue to investigate this issue and, if necessary, we‘ll take appropriate action to help protect customers,” Lala wrote. “This may include providing a security update through the monthly release process or additional guidance to help customers protect themselves.”

View more news

 
  Most Popular
 
 
  Popular Searches
network security magazine network security auditor network security news network security software corporate network security network security systems home network security product key finder password recovery software Network Bandwidth Monitor Network Access Monitoring data access policy monitoring remote shutdown Network File Search key recovery Network Monitoring Computer Security Ethical Hacking
 

 

Sponsored Links
Network Security Auditor
Nsauditor is a complete networking utilities package that includes more than 45 network tools and utilities for network auditing, scanning,network connections monitoring and more. For more information, please visit:
www.nsauditor.com


Password Recovery Software
SpotAuditor is All-in-one password recovery program that offers administrators and users a comprehensive solution for recovering passwords and other critical business information saved in users' computers. For more information, please visit:
www.password-recovery-software.com

BlueAuditor - Monitor YourBluetooth Network
BlueAuditor detects and monitors Bluetooth devices in a wireless network and allows network administrators to audit wireless networks against security vulnerabilities associated with the use of Bluetooth devices. For more information, please visit:
nsauditor.com/bluetooth_network_scanner.html