Windows Security : Microsoft is Guilty For The PDF Attack
Posted by Max on 2007/10/29 14:50:00 (1089 reads)

Microsoft acknowledges that they are to blame for the latest wave of PDF attacks. Since there is a public exploit which takes advantage of a Windows vulnerability through an Adobe Reader flaw, there has been an intense debate over who's to blame in this case. Adobe quickly acknowledged the flaw and issued a patch, as described in Security Bulletin no. APSB07-18:

Critical vulnerabilities have been identified in Adobe Reader and Acrobat that could allow an attacker who successfully exploits these vulnerabilities to take control of the affected system. This issue only affects customers on Windows XP or Windows 2003 with Internet Explorer 7 installed. A malicious file must be loaded in Adobe Reader or Acrobat by the end user for an attacker to exploit these vulnerabilities. It is recommended that affected users update to Adobe Reader 8.1.1 or Acrobat 8.1.1.

On the other hand, Microsoft was forced to work around the clock to fix the root cause, which is the faulty implementation of the ShellExecute() API. However, I've never seen Microsoft go so far in acknowledging the faults in their software: Bill Sisk, a member of the Security Response Communications Team, writes on the Microsoft Security Response Center Blog (MSRC):

Third party applications are currently being used as the vector for attack and customers who have applied the security updates available from these vendors are currently protected.  However, because the vulnerability mentioned in this advisory is in the Microsoft Windows ShellExecute function, these third party updates do not resolve the vulnerability – they just close an attack vector.

As part of our SSIRP process we currently have teams worldwide who are working around the clock to develop an update of appropriate quality for broad distribution. Because ShellExecute is a core part of Windows, our development and testing teams are taking extra care to minimize application compatibility issues.

To help protect yourself during the interim we continue to recommend that you should always exercise extreme caution when opening unsolicited attachments from both known and unknown sources and/or visiting untrusted websites.  This is absolutely one of the most effective ways to help protect yourself from a variety of threats on the Internet today. 

According to security researchers, the infamous Russian Business Network (RBN), a collective of cybercriminals, is behind the PDF assault. When recipients open an attack PDF, a combination of Trojan Horses, downloaders and rootkits strike, knocking out the Windows firewall and installing code that captures all information entered into any SSL-secured form on a web page. That information is then transmitted back to RBN.

Anyway, update your Adobe client as soon as possible and DO NOT open unusual PDF attachments.



