THREAT BULLETIN: Windows Zero-Day Vulnerability Exploited

17 Jun

Attackers are exploiting the vulnerability disclosed last week in the Windows Help and Support Center for Windows XP and Windows Server 2003. In a traditional drive-by attack, a website has been compromised to serve an exploit that can hijack computers running Windows XP.

Symantec has received about 300 pings from in-field products globally, in more than 20 countries. On a scale of one to ten, with ten being the most severe, this has a severity of around six or seven. We expect the severity to continue to rise while the issue remains unpatched by Microsoft. Microsoft said the exploit has since been removed from the compromised site; however, it expects additional exploitation because the details have been publicly disclosed.

Symantec advises computer users to keep their security solution updated regularly and avoid visiting links from unknown sources.

Best Practices:

Use IPS (Network Threat Protection)

Threats today are web-based. The Intrusion Prevention System (IPS) in Symantec Endpoint Protection stops threats before they can infiltrate a machine. IPS stops vulnerability exploits, drive-by downloads and fake AV installation.

Improve default Symantec Endpoint Protection settings

Get the most out of your Symantec Endpoint Protection product by improving its default settings. Only a few setting changes can make a big improvement to your security. Learn more about our recommended policies.

Keep browser plugins patched

Attacks have moved to the browser. It’s critical that attackers not be able to use Microsoft® Internet Explorer, or Adobe® Reader/Acrobat/Flash vulnerabilities to get on a system. Use each vendor’s auto update or software distribution tools to install patches as soon as they become available.

Block P2P usage

The simplest method for distributing malware is to hide it inside files being shared on peer-to-peer (P2P) networks. Create and enforce a no-P2P policy, including home usage of a company machine. Enforce the policy at the gateway and/or desktop. Learn more about using Symantec Endpoint Protection’s Application Control to block P2P at the desktop.

Turn off AutoRun

Stop Conficker/Downadup and other network-based worms from jumping from USB keys and network drives, without changing company policies on open shares. Learn more.
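The bulletin tells you to turn AutoRun off but not how to check whether it actually is. The following script is an added example, not part of the original bulletin or a Symantec tool: it audits and, if needed, sets the Explorer policy value `NoDriveTypeAutoRun` under HKLM, which is the documented Windows switch for disabling AutoRun per drive type (0xFF covers every drive type). It assumes an elevated PowerShell session on a Windows host; the function names are my own.

```powershell
# Added example (not from the original bulletin): audit and enforce the
# Explorer policy that disables AutoRun for all drive types.
# Assumes an elevated PowerShell session; the key path and value name below are
# the documented Windows policy location, the function names are mine.

$PolicyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$ValueName = 'NoDriveTypeAutoRun'
$AllDrives = 0xFF   # bitmask: a set bit disables AutoRun for that drive type

function Get-AutoRunPolicy {
    # Returns the current DWORD value, or $null when the policy value is absent
    # (absent means Explorer's default applies and AutoRun is effectively on).
    $item = Get-ItemProperty -Path $PolicyKey -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$ValueName
}

function Test-AutoRunDisabled {
    # True only when every drive-type bit in the mask is set.
    $current = Get-AutoRunPolicy
    if ($null -eq $current) { return $false }
    return (($current -band $AllDrives) -eq $AllDrives)
}

function Disable-AutoRun {
    # Create the policy key if it does not exist, then write the full mask.
    if (-not (Test-Path $PolicyKey)) {
        New-Item -Path $PolicyKey -Force | Out-Null
    }
    Set-ItemProperty -Path $PolicyKey -Name $ValueName -Value $AllDrives -Type DWord
}

# Audit first, change only when the policy is missing or incomplete.
if (Test-AutoRunDisabled) {
    Write-Output ('AutoRun already disabled for all drive types ({0} = 0x{1:X2})' -f $ValueName, (Get-AutoRunPolicy))
} else {
    $before = Get-AutoRunPolicy
    Disable-AutoRun
    Write-Output ('AutoRun policy set: {0} was {1}, now 0x{2:X2}' -f $ValueName, ($(if ($null -eq $before) { 'absent' } else { '0x{0:X2}' -f $before })), (Get-AutoRunPolicy))
}
```

Two caveats a practitioner should keep in mind: the value is read by Explorer at logon, so a sign-out or restart is needed before the audit reflects user sessions already open; and on Windows XP and Windows Server 2003 this registry value is only honoured correctly for autorun.inf on all drive types once the Microsoft update described in KB967715 is installed, so verify that update is present alongside the policy.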


Posted by on June 17, 2010 in Symantec

