
Zero Day Exploits – Could You Be At Risk?


By: Ms Mindy Matter

Just a few weeks ago, Internet Explorer 7 users experienced the newest zero day exploit, and this one was far more serious than many seen in the past. Microsoft was good enough to release a patch for this concerning exploit a week after it was discovered, but it leaves many different kinds of computer users quite worried about the weaknesses in their own security systems. Even with the IE 7 zero day exploit, users were left with options, but before you explore exactly what those options were, it’s important to get a good grasp on zero day exploits as a whole.

Zero Day Exploits – Understanding the Concept
In short, a zero day exploit is an attack against a particular computer application. The entire point of a zero day exploit is to look at the weaknesses within a program and abuse them. In most cases, this is done with malevolent intent, but that’s not always the case. For example, sometimes security vendors will release zero day exploits so that they can gain an understanding of the holes in a program or a set of programs. Sometimes they even build holes into a program with the only goal of developing a knowledge base of how these kinds of scenarios work.

In most cases, though, zero day exploits aren’t harmless attempts at gaining an understanding by a security company. More often than not, they are malicious in nature, and it’s rare that either the vendor or program buyers know about these zero day exploits. They’re always released before the software is actually sold, and vendors have little idea that they’ll have to struggle to get a patch together on the day of release.

Zero day exploits work with a variety of different triggers. For example, if the exploit is designed for a browser, as was the case with the Internet Explorer 7 zero day exploit, users could visit a given site or click on a particular link, and that causes the exploits to begin the cycle. In some cases, exploits are sent as an email attachment. Once the attachment is opened, the computer is at risk. File exploits like this do compromise the attacked system, but they also place confidential data at risk, and that’s the real concern with any zero day exploit. The biggest threat occurs between its own release and the software vendor’s patch release.

The IE 7 Zero Day Exploit
The recent problem with IE 7 was just one of many in a cycle, and unfortunately, the root of this one is not malicious. Chinese security researchers caused the problem, and while its roots aren’t malicious, the effects of it are. If an attacker gains access to the system thanks to the exploit created by these researchers, they get the same rights as a local user might. The only real safety valve here was the fact that if administrators had better rights than users on any given computer accessed by an attacker, fewer problems might occur, but that was rarely the case.

The problem began when, on Tuesday, December 9, Microsoft released an update for IE 7. If users visited a given site, they didn’t even have to click on anything within that site: a Trojan was installed, and that caused serious security risks for computers because it allowed data to be stolen from each infected machine. Because almost 26% of computer users default to IE 7, Microsoft, and many computer owners, were quite concerned at the risk. The problem was made much worse by the fact that as soon as it was released, it began to develop its own variants. Security company after security company ranked it as the most serious zero day exploit they’d ever seen. Just days after the release, Microsoft reported, “Our investigation so far has shown that these attacks are against Windows Internet Explorer 7 on supported editions of Windows XP Service Pack 2, Windows XP Service Pack 3, Windows Server 2003 Service Pack 1, Windows Server 2003 Service Pack 2, Windows Vista, Windows Vista Service Pack 1 and Windows Server 2008,” thus suggesting that almost everyone was in danger. The patch released to fix the problem seems to be holding it for now, but it’s hard to tell how the variants could react with time.

This particular zero day exploit took advantage of a heap overflow flaw in the XML parser. The Chinese team assumed it was known to Microsoft, but that wasn’t the case at all. Microsoft continues to investigate claims of the damage caused by this zero day exploit, and while the patch is working for most, it’s hard to tell what the future holds. The exploit led to attacks on all of the Microsoft browser system and that may only prove to cause further problems as time goes on.

Before the patch was released, there was almost nothing you could do to protect your system. Microsoft made several suggestions, but even if you took advantage of them, there was still quite a bit of potential that you would end up a victim. For example, if you had been a Windows Vista user before the patch was released, it was possible to run IE 7 in protected mode or the beta 2 version of IE 8 in the same mode. That, however, didn’t always work. Running IE 7 on a 2003 or 2008 Windows Server meant it ran in a restricted security mode called Enhanced Security Configuration, and that, for the most part, protected those users. Some users simply switched to another browser, which wholly protected them from tragedy. Browsers like Opera and Firefox are less prone to problems like these. Fortunately, because the zero day exploit could not be activated by email, some users were more protected than others.

Every zero day exploit is a different scenario. There’s literally nothing you can do to protect your system from every possible exploit. What’s more, though, is that Microsoft’s problems aren’t over even with the release of the patch. On Monday, December 15, another zero day exploit problem was revealed. Unlike the last, this one was a problem for a fairly limited group – those using an SQL server database application. It’s hard to tell what’s next in terms of zero day exploits for Microsoft users.

Article Source: ABC Article Directory



About The Author: By Mindy Matter for www.removeadware.com.au/ - Here you'll learn about online privacy and how to remove rogue programs: www.removeadware.com.au/ - Please link to this site when using this article.



This work is licensed under a Creative Commons Attribution-No Derivative Works 3.0 Unported License.
