关闭

来自中国的Unofficial Registry Script Blunts MS Word Zero-Day Attack

标签: microsoftsecuritybasicuserwindowsapplication
1645人阅读 评论(0) 收藏 举报

 


In the absence of a patch for a dangerous code execution hole in Microsoft Word, security experts are recommending that Windows users implement software restriction policies to blunt the effects of ongoing zero-day attacks.

Just days after anti-virus vendors warned that malicious hackers with links to China and Taiwan were exploiting the vulnerability to launch attacks against select business targets, independent researcher Matthew Murphy says Windows XP users can mitigate the risk by simply using the "Basic User" SRP (software restriction policy).

"By using the Basic User SRP, users can launch Microsoft Word without the ability to write to certain registry and file system locations that the in-the-wild malware requires access to," Murphy said in an entry on the SecuriTeam blog.

"This is a stop-gap measure based on the threat profile of the malware at this time and is only necessary if you're still running interactively as an administrator," he added.

PointerClick here to read about how Microsoft was recently rocked by an Internet Explorer zero-day flaw warning.

"If you are, it should be a priority to change that if at all possible," said Murphy, a security researcher who has worked closely with Microsoft's security response center in the past.

"[O]rganizations and individuals who follow best-practice and log on interactively as non-administrators are currently not at risk. Based on feedback, I should also note that you are at less risk from any exploit of this vulnerability if the vulnerable application is running without full privilege," he added.

Murphy also released a registry script that sets a Software Restriction Policy that runs any instance of 'winword.exe' with the 'Basic User' policy.

He made it clear that the effectiveness of registry fix script is entirely based on known characteristics of the payload and warned that future variants may alter the way the flaw is exploited.

Because Microsoft Word is such a widely used software program—at home and in the enterprise—the potential for a widespread attack remains significant.

eWEEK Special Report: Securing Windows

However, security experts maintain that the number of actual compromises remain very low because the first attack was pointed at very specific targets.

On the MSRC blog, Microsoft program manager Stephen Toulouse confirmed the flaw and the attacks and said a software update is scheduled for June 13 to provide a comprehensive fix.

"The attack vector here is Word documents attached to an e-mail or otherwise delivered to a user's computer. The user would have to open it first for anything to happen. That information isn't meant to say the issue isn't serious; it's just meant to clearly denote the scope of the threat," Toulouse explained.

He also confirmed that the attack requires admin rights and urged users to set limitations on user accounts to mitigate the risk.

The MSRC is investigating what is described as "singular reports of attacks" against a "couple of customers" that have been targeted.

The company has added detection signature updates to its Windows Live Safety Center.

Toulouse also shared some details of the attacks, noting that the first wave provided evidence of commonality.

"The attack we've seen is e-mail based. The e-mails tend to arrive in groups; they often have fake domains that are similar to real domains of the targets, but the targets are valid e-mail addresses," he explained.

Only two subject lines have been used so far. One is simply the word "Notice" and the other reads: "RE Plan for final agreement."

0
0

猜你在找
【直播】机器学习&深度学习系统实战(唐宇迪)
【直播】Kaggle 神器:XGBoost 从基础到实战(冒教授)
【直播回放】深度学习基础与TensorFlow实践(王琛)
【直播】计算机视觉原理及实战(屈教授)
【直播】机器学习之凸优化(马博士)
【直播】机器学习之矩阵(黄博士)
【直播】机器学习之概率与统计推断(冒教授)
【直播】机器学习之数学基础
【直播】TensorFlow实战进阶(智亮)
【直播】深度学习30天系统实训(唐宇迪)
查看评论
* 以上用户言论只代表其个人观点,不代表CSDN网站的观点或立场
    个人资料
    • 访问:3617854次
    • 积分:59501
    • 等级:
    • 排名:第39名
    • 原创:1549篇
    • 转载:1252篇
    • 译文:0篇
    • 评论:459条
    最新评论