Security News
Microsoft Corp. released a number of high-priority patches for its operating systems and Internet Explorer (IE) Web browser this week. Additionally, Adobe Systems, Inc. acknowledged another Flash Player bug while EMC Corp.'s RSA Security admitted the security exploit detailed in March compromised its systems. Finally, EMC detailed its purchase of a privately-held provider of network monitoring solutions and NSS Labs, Inc. found that a selection of enterprise network firewalls were vulnerable to multiple attack vectors.
Focal Points:
- Microsoft has issued a record 64 patches this week, and about half of them address kernel-related issues. This is the fifth time in one year that the company has patched vulnerabilities in "win32k.sys," the kernel-mode component of the Windows user interface. A zero-day vulnerability was also identified and confirmed working in Internet Explorer 9 on Windows 7 Service Pack 1 (SP1), though a patch is not yet available. That exploit allows an attacker to execute arbitrary code within Internet Explorer 9's protected sandbox and then break out of the sandbox to run unrestricted on the system. While the French security company that discovered the issue has only tested the effectiveness of the exploit on IE9, it reports that the flaw lies in the "mshtml.dll" library and affects Internet Explorer versions dating back to IE6.
- Adobe has confirmed a second, as-yet-unpatched bug in its Flash Player that is being used against legal departments in large corporations via a Word-based e-mail attachment claiming to be a copy of the American Bar Association's Antitrust Source newsletter. Though the vulnerability also exists in Adobe Reader and Acrobat, there are no known current attacks using the Portable Document Format (PDF). RSA Security revealed that the vulnerability disclosed in March had been used to penetrate its systems and steal data related to the company's SecurID two-factor identification products. RSA has embarked on what it terms a "massive outreach program," in which it has already reached more than 60,000 of its customers to disclose more about the attack and address poor product implementation. In the RSA break-in, an Excel file labeled "2011 recruitment plan.xls," which was caught by a spam filter but later retrieved from it, was used to deliver the malicious payload. Unfortunately, a number of customers are forgoing these details because they are being required to sign a non-disclosure agreement (NDA) to learn the specifics of the attack.
- In other RSA news, RSA's parent company EMC has announced its acquisition of NetWitness Corp., a provider of network security analysis solutions. NetWitness helps detect and remediate increasingly sophisticated attacks originating both inside and outside the corporate firewall. NetWitness tools will be combined with RSA's CyberCrime Intelligence service, Data Loss Prevention Suite, and enVision platform. In a report on six of the most popular network firewalls, IT security testing company NSS Labs found major issues that would allow attackers to develop working exploits for the flaws discovered. Specifically, three of the six firewalls tested crashed when exposed to stability tests. An attack referred to as the "Sneak ACK" attack, which would allow an attacker to bypass the firewall, was effective against five of the six firewalls tested.
Experton Group believes security exploits are becoming increasingly sophisticated as they target zero-day vulnerabilities and hide behind the veil of trusted communications. IT executives must understand that effective security policies and enforcement require multiple layers of redundant solutions, combining architecturally overlaid technologies with ongoing automated and human monitoring. A set of security technologies and policies should assume that individual devices and product sets are vulnerable to multiple forms of attack, and thus must be closely monitored, tested, and patched. Security policies and procedures remain secondary to ongoing operations, and both administrators and users are failing to follow best practices. Large corporations are increasingly targeted by hackers for reasons of fame, fortune, or differing ideals, and a renewed interest in security, including gap analyses, product reviews, and third-party security testing and improvement, should sit at the top of the list of IT executive priorities.