Zero-Day Windows Shell Exploit Emerges

By Ed Oswald, BetaNews

September 29, 2006, 2:58 PM

Microsoft confirmed the existence Thursday of a vulnerability affecting the Windows Shell feature in Windows XP, 2000, and 2003. The issue exists in the WebViewFolderIcon ActiveX control, and successful exploitation could result in an attacker gaining the same user rights as a local user.

According to FrSIRT, the vulnerability was first discovered in mid-July; however, exploit code did not surface until recently.

According to a security advisory, the vulnerability can be exploited through a specially crafted Web site. However, Microsoft said a user would have to be tricked into visiting the site.

Microsoft says that it is aware that proof of concept code is publicly available on the Internet, but knows of no attacks that attempted to take advantage of the flaw. "We will continue to investigate these public reports," it said.

Security firm Secunia has rated the issue as "extremely critical," and confirmed the existence of the issue on a fully patched version of Internet Explorer 6 and Windows XP SP2. It recommended users disable the "WebViewFolderIcon" ActiveX control, which Microsoft did as well.

"We are working on a security update currently scheduled for an October 10 release," Microsoft said.

The existence of so-called "zero-day exploits," or code that is released on the same day as or before the exploit itself is publicly confirmed, on Microsoft products has increased with the advent of the Patch Tuesday program.

Some security firms have coined the term "Zero Day Wednesday" to describe the flood of exploits that seem to appear for critical Microsoft issues the day after the patches repair the problem.

The number of zero-day exploits in existence highlights the need for IT administrators to stay on top of and apply all applicable Patch Tuesday updates, security experts say.

34 Comments

By robmanic44

posted Oct 2, 2006 - 5:34 AM

If you are looking for a totally secure system you can turn off your computer. Otherwise, choose the browser you're most comfortable with, and use it.
This discussion seems both endless and pointless.

Score: 0

By Scotch Moose

posted Oct 3, 2006 - 10:48 AM

You don't have to turn off your Windows machine to be secure, just unplug the network cable.

Score: 0

By foxfyre

edited Oct 1, 2006 - 1:11 PM

Yawn...

Windows vulnerabilities are no longer news... it's business as usual... the status quo

What is really funny is to listen to the various folks occupying high school cafeterias STILL debating it.

Move on folks...

Score: 0

By SF

edited Sep 30, 2006 - 8:19 AM

Isn't this the exploit that has been MASSIVELY spreading over Yahoo! Messenger for like several weeks now?

Score: 0

By Tenoq

posted Oct 1, 2006 - 10:02 PM

Yahoo Messenger uses Web Folders with ActiveX? What the?

Score: 0

By tipsyboy

edited Sep 30, 2006 - 9:43 AM

Everybody should acknowledge that information about security issues is valuable. So - whatever browser you prefer or not is of no relevance for this info. And, maybe, you could even inform those, whom you are laughing about - those who need your knowledge. Come on, help your fellow human beings, even if you're doing it for the 1xxnd/th time!

Score: 0

By terminalx

posted Sep 30, 2006 - 9:31 AM

Almost all of these vulnerabilities can be avoided if said person is not the type of person who calls and asks how to turn their PC on... Most of these exploits are easily avoidable and are caused by user error. Granted, the exploit is there, but if you don't get tricked into downloading something or going somewhere you should not be, this is not an issue.

Score: 0

By calq

edited Sep 30, 2006 - 2:55 AM

IE7 is NOT vulnerable

Score: 0

By Tenoq

posted Oct 1, 2006 - 10:02 PM

Nor is any other major browser - they don't support ActiveX for a reason.

Score: 0

By jessshaun

posted Sep 30, 2006 - 7:06 AM

THIS time...

Score: 0

By Jim

posted Sep 29, 2006 - 9:21 PM

Odd how I don't see a large article posted on the recent 0day OpenSSH vulnerability, though I suppose it's only a DoS and not a remote execute so it's not as bad but you all know what I mean..

Score: 0

By prndll

posted Sep 29, 2006 - 5:50 PM

tell me again how XP is the safest and most secure thing Microsft has ever made.

Score: 0

By crashoverride

edited Oct 1, 2006 - 1:00 AM

Windows 9x/ME..... nothing else to say

Score: 0

By The MAZZTer

posted Sep 30, 2006 - 12:13 AM

"tell me again how XP is the safest and most secure thing Microsft [sic] has ever made."

That's easy, it's because their previous OSs are even MORE unsecure. :)

Score: 0

By prndll

posted Oct 1, 2006 - 10:41 PM

I could easily avoid most (not all, but most) problems by using an older OS like 98se.

Score: 0

By morriscox

posted Oct 2, 2006 - 10:59 AM

Not really. Windows 95 and 98 are a cinch to break into.

Score: 0

By ConceptJunkie

posted Sep 29, 2006 - 7:17 PM

Where have you been? XP is a ton more secure than it's been in the past, and a ton more secure than prior versions of Windows.

Just because it's not perfect yet (this is Microsoft after all) doesn't mean it's not the best ever.

What spurious logic behind that complaint.

Score: 0

By prndll

posted Sep 29, 2006 - 10:22 PM

not perfect yet?
come on!
How many daily to weekly problems do we have to hear about?
I'm not seeing the most secure. I see more vulnerabilities being found in XP than have ever been found in any other OS. Many of them are actually created (as per Microsoft's own admissions) from their own so-called fixes.

Score: 0

By Tenoq

posted Oct 1, 2006 - 10:05 PM

Ever consider that times have changed in the last 8 years? The internet is more widely used in greater capacity than ever before - it goes without saying that security vulnerabilities are found more readily today.

And I think you'll find if you go and install Windows 98 and update it, you find a similar number of patches to XPSP2 - and then you'll be missing 2-3 years of security upgrades.

XP is the most secure MS platform for home users. 9x code is not even in the race - it's a pre-Internet design.

Score: 0

By prndll

posted Oct 1, 2006 - 10:40 PM

Your qualification was "and update it"

If I were to install 98se, I would not update it.

Score: 0

By morriscox

posted Oct 2, 2006 - 11:01 AM

Cannon fodder.

Score: 0

By cap737

posted Sep 30, 2006 - 2:05 AM

True, how many XP fixes repaired one problem and left room for another problem to come up? I like the comment on the bottom of this page; it's best to use a browser, like Firefox, that doesn't support ActiveX control.

Score: 0

By GCoder

posted Sep 29, 2006 - 4:55 PM

OH ZOIKS!

NOT ANOTHER ZERO DAY!

Too bad for you guys that run windoze...

Score: 0

By crashoverride

posted Oct 1, 2006 - 12:49 AM

BRING IT ON!!!!

Score: 0

By THZGryphon

posted Sep 29, 2006 - 7:50 PM

I run Windows, come get me.

Score: 0

By Kylde

posted Sep 29, 2006 - 7:56 PM

ditto, a careful balance of AV, browser etc & yre laffing :)

Score: 0

By Mark Gillespie

posted Sep 29, 2006 - 3:55 PM

As usual, Opera and Firefox users are unaffected, as they don't support ActiveX for good reason..

Score: 0

By calq

posted Sep 30, 2006 - 2:56 AM

According to the most recent update to security-firm Symantec's biannual Internet Security Threat Report, the last six months saw a significant uptick in the number of security vulnerabilities found in web browsers. Leading the way was Firefox, with 47 flaws discovered. Researchers and hackers discovered 38 vulnerabilities in Internet Explorer, 12 in Safari, and seven in Opera.

Score: 0

By Mark Gillespie

edited Oct 2, 2006 - 3:18 AM

LOL, FireFox has a new 0 day exploit discovered, a very serious one...

Again proving, that if you want secure and functional browsing, Opera is the ONLY choice.

It's an impressive feat on Opera's part, that their browser is available on so many platforms, and still maintains its near faultless security record.

Score: 0

By Real1tyczech

edited Oct 2, 2006 - 12:41 PM

Mark Gillespie said...

"FireFox has a new 0 day exploit discovered, a very serious one"

-----------------------------------------------------

Potentially. It's not verified, and it's not
listed on any security sites as yet.

Leave your bias at the door and let the
actual facts play out as they may.

Score: 0

By Mark Gillespie

posted Sep 30, 2006 - 6:01 AM

Which is why I use Opera, the only browser with 0 unpatched vulnerabilities, and a very low rate of discovered vulnerabilities.

If you want safe browsing, Opera is the only choice.

Score: 0

By MrFlibble

posted Sep 30, 2006 - 4:03 AM

Not all flaws are equal. It's like doing a security survey and finding that bank A has a cracked skylight on the roof and bank B has a broken lock on the front door. Are they both equally insecure because they both have a security flaw? No. One flaw requires a cat burglar with a set of tools to get in, the other allows anybody to walk in off the street.
As well as the seriousness of the flaw, you would also have to consider how long they take to be fixed. If both banks have a broken lock on the front door, which bank is more secure, the one that fixes the lock as soon as somebody notices it's broken, or the bank that says, 'we'll fix the lock next month as part of our regular maintenance cycle, unless we notice a lot of people stealing from the bank in the meantime'?
On top of that, to push the analogy, you have to consider each bank's record. If bank A says, last year we had 47 security problems, including cracked windows and broken locks, and we fixed all of them in a timely fashion before any money was stolen, would you hold it against them?
What about bank B, which always says 'security problems? What security problems? What broken lock? Oh, that broken lock! What robbers making off with the cash? Oh, those robbers! Don't worry, it's only a very limited robbery. We'll get the lock fixed next month. Maybe.'

Score: 0

By tipsyboy

posted Sep 30, 2006 - 9:33 AM

Hear! Hear! - - Well said, indeed.

Score: 0

By mjm01010101

posted Sep 29, 2006 - 5:58 PM

It's readily apparent that depending on a Microsoft infrastructure is becoming a losing battle.

Score: 0