Threat Level: green Handler on Duty: Bojan Zdrnja

SANS ISC: Some more 0-days from ZDI - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Some more 0-days from ZDI

For those of us that are in patching world the last few weeks has not been fun.  It seemed like there was a new critical issue almost every other day and almost certainly just after you finished the previous round of patching. I guess that is what happens when a hacking firm is breached. 

Well unfortunately I'm here to add to your woes.  BK wrote in (thanks) to remind me that on the same day that Microsoft patched a critical issue, ZDI released four vulnerabilities that, whilst based on their CVSS score may not quite reach critical (in Microsoft world), will likely result in a patch for most systems (including Windows phone).  

In this case all four were discovered in-house, disclosed to the vendor over 120 days ago and as of release unlikely to have an exploit associated with it. That is however likely to change. 

Mark H

Mark

391 Posts
ISC Handler
It's not been fun. I can understand eliminating zero days as soon as possible but releasing POCs out in the wild that get put into exploit kits 2 hours later is highly irresponsible and a disservice to scores of millions of PC/Android/Mac/iOS/Windows Phone/Linux users. I'm sure the Crypto criminals love it though.

This is even straining the ability of automatic updating to apply the updates in time. I would say the world will be a better place after this episode, but there are probably thousands more zero days that we do not know about and maybe never will.
pdawg

7 Posts
Remember that Microsoft had 120 days to fix these before they got released. You are also assuming that the ZDI is the only one who has found these.
R

36 Posts
An important aspect overlooked by many (including me yesterday) is that the reported issues only affect the MOBILE version of Internet Explorer.

The text "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer, including on Windows Phone" in http://www.zerodayinitiative.com/advisories/ZDI-15-359/ may have contributed to the confusion.

However, all four pages indicate at the top: Affected Products: Internet Explorer Mobile
Erik van Straten

122 Posts
Quoting Erik van Straten:An important aspect overlooked by many (including me yesterday) is that the reported issues only affect the MOBILE version of Internet Explorer.

The text "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer, including on Windows Phone" in http://www.zerodayinitiative.com/advisories/ZDI-15-359/ may have contributed to the confusion.

However, all four pages indicate at the top: Affected Products: Internet Explorer Mobile


Also note this since this only affects Windows phone it is impossible to use another browser as there are no other browsers for Windows phone.
PW

63 Posts

Sign Up for Free or Log In to start participating in the conversation!