The Associated Press is reporting that Microsoft is warning of a vulnerability in its operating system that isn’t yet patched. Details on how to protect yourself can be found in the link above.
The proposed solution from Microsoft involves pushing out a large registry change (which you must assemble yourself) that disables the compromised ActiveX control, and which must then be applied to each and every system.
As if there wasn’t enough evidence already, this simply highlights how broken endpoint security is right now. You can guarantee that there is a frenzy of activity in both IT shops and criminal syndicates as they move to try to defend against the vulnerability and exploit it, respectively.
The need for endpoint protection without endless fire drills is here now. We are posting our case for a rational transition to whitelisting to support this need in a series of posts. You can find the first two here:
It’s clear that patching isn’t going to fix all our problems. Even the Verizon 2008 Data Breach Investigations Report clearly showed that patching is given far too high a priority in most organizations. Fixing vulnerabilities is a step in the right direction, but even that shouldn’t be the first priority. CoreTrace is definitely on the right path. By controlling what we know and denying execution of all else, we can be much more secure.
If I’m a hacker exploiting this ActiveX vulnerability as an entry point, the first thing I do is drop a rootkit. Fortunately, it won’t work if the administrator has positive control of the executables.
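The post argues for approving the executables you know and denying everything else, and the comments above add that a dropped payload simply won’t run where the administrator has positive control of the executables. The script below is an added illustration of that idea written for this page; it is not CoreTrace’s product, Microsoft’s mitigation, or any code from the original post. It keeps an allowlist of SHA-256 hashes for approved binaries and denies anything whose hash is not on the list. All file names and contents are constructed so it runs offline.

```python
"""Hash-based executable allowlisting: approve what is known, deny the rest.

Added example for this page (not CoreTrace's or Microsoft's code). The three
"binaries" below are constructed stand-ins written into a temp directory.
"""
import hashlib
import os
import tempfile
from typing import Dict, Iterable, Set


def sha256_of_file(path: str) -> str:
    """Return the SHA-256 hex digest of a file, read in 64 KiB chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_allowlist(approved_paths: Iterable[str]) -> Set[str]:
    """Baseline step: hash every executable the administrator has approved."""
    return {sha256_of_file(p) for p in approved_paths}


def check_execution(path: str, allowlist: Set[str]) -> str:
    """Enforcement step: a file may run only if its hash is on the allowlist.

    Unknown files and modified copies of approved files both fall through
    to DENY, because either way the hash is not the one that was baselined.
    """
    return "ALLOW" if sha256_of_file(path) in allowlist else "DENY"


def demo() -> Dict[str, str]:
    """Constructed scenario: one approved tool, one dropped unknown file,
    then the approved tool after it has been tampered with."""
    with tempfile.TemporaryDirectory() as d:
        approved = os.path.join(d, "approved_tool.exe")
        with open(approved, "wb") as f:
            f.write(b"MZ approved-tool-v1")          # constructed content

        # The administrator baselines the known-good executable.
        allowlist = build_allowlist([approved])

        # A file that was never approved appears on the endpoint.
        dropped = os.path.join(d, "dropped_payload.exe")
        with open(dropped, "wb") as f:
            f.write(b"MZ unknown")                   # constructed content

        results = {
            "approved": check_execution(approved, allowlist),
            "dropped": check_execution(dropped, allowlist),
        }

        # The approved file is altered after baselining; its hash changes,
        # so it is no longer recognised and is denied as well.
        with open(approved, "ab") as f:
            f.write(b"\x00patched")
        results["tampered"] = check_execution(approved, allowlist)
        return results


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:9s} -> {verdict}")
```

The point the demo makes is that the decision never depends on knowing what the unknown file is: the ActiveX bug in the post could change, the payload could change, and the verdict for anything outside the baseline stays DENY. A production allowlist would normally key on publisher signatures or a managed catalog as well as hashes so that legitimate updates do not turn into fire drills of their own, but the enforcement logic is the same.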