
Tenable Blog


Microsoft Patch Tuesday - March 2010 - "It Won't Happen To Me" Edition

Attacks Happen

There are many reasons why attackers may target your organization: they could be after your intellectual property, they may have political reasons or there may be financial motivations (if you have credit card data stored on your network). I've often heard people say, "Why would someone want to attack us?" The question should really be phrased, "Why would someone need to attack us?" Often you are targeted not because of who you are, but because of what you have. Google hosts email accounts that are interesting to certain parties. You may be a university with plenty of bandwidth or a business partner of a company that makes electronics that the attacker is after. The point is that you can't limit the reasons why you are going to be attacked. You have to secure your network with the mindset that someone will eventually come after you.

This brings us to this month's "Patch Tuesday". Two bulletins have been released by Microsoft, and I've included some examples of how they can be used for targeted attacks:


  • MS10-016 - Nessus Plugin ID 45020 (Credentialed Check) - This bulletin discloses vulnerabilities associated with Windows Movie Maker that occur when a user opens a Windows Movie Maker file. While this may be used in some targeted attacks, I suspect that not many organizations have this software widely deployed. However, the interesting thing about this vulnerability is that Movie Maker is built into certain versions of Windows Vista, which makes uninstallation very difficult. This means even if you are not using the software, you still need to apply the patches. While Movie Maker may not be the most popular client application available, as a penetration tester I would search for it anyway. For example, I found a web site that is hosting a forum for Windows Movie Maker users. A query for "running version" results in several pages of matches. You can be even more specific with your search and enter "2.1", which is the vulnerable version running on Windows XP. Most of the posts are made by people looking for help with a specific version of Movie Maker, and they will reveal this information during troubleshooting. An attacker just needs to associate the forum user ID or email with the target they are going after for a potentially successful attack to be well under way.
  • MS10-017 - Nessus Plugin ID 45021 (Credentialed Check) - This bulletin discloses seven different vulnerabilities in Microsoft Excel. I find it interesting to review the disclosure timeline on some of these vulnerabilities. For example, CVE-2010-0263 was disclosed to Microsoft on July 14, 2009, and was just recently fixed. Core Security also reported CVE-2010-0243 on September 4, 2009.

    Microsoft ranks this vulnerability as "Important". The vulnerability itself does not exploit a remotely accessible network service and execute remote code, but that doesn't mean an attacker cannot use this information to construct specifically targeted attacks. Consider the following Google query:

    filetype:xls inurl:xls site:.gov

    The above search (as of today) returns 3,560,000 results (coincidentally, this number was the largest out of the ".com", ".edu" and ".mil" top-level domains). While this may not seem relevant, what stops an attacker from downloading all of the spreadsheets posted by a particular organization and analyzing the document metadata? Metadata is information contained within a document that can reveal the software type, version and platform it is running on, in addition to the user who created it. With this information you could easily launch a targeted email attack. In fact, the attackers could have enough information to launch automated attacks that read the document metadata from a target's web site and then send the appropriate malicious Microsoft Excel document. While malicious PDF documents are all the rage these days with attackers, there is no reason why they cannot easily make a shift or use Microsoft Office documents along with the more traditional PDF attacks. One could make the argument that the attackers could do the same with PDF documents (and they probably are), but since malicious PDFs are something that organizations are now expecting, attackers may choose to mix up their attack vectors.
