Zero-Day Vulnerability Follows October ‘06 Patch Tuesday
Tuesday October 17, 2006 at 9:20 am CST
Posted by Karthik Raman
Patch Tuesday refers to the second Tuesday of each month when Microsoft releases security updates for its products. As a matter of policy, Microsoft releases patches only on Patch Tuesday. (One recent exception to this was an out-of-cycle patch for the Internet Explorer VML vulnerability.)
The researchers at McAfee Avert Labs follow Patch Tuesday with interest: Microsoft’s products are used by the lion’s share of industry and home users, and un-patched vulnerabilities in Microsoft’s products can often have an impact on global security.
Back in July 2006, Patch Tuesday fell on July 11. On July 12, a Trojan, Exploit-PPT.b, was released. This Trojan exploited a previously-unknown Microsoft PowerPoint vulnerability.
An exploit for a new vulnerability follows a Patch Tuesday. A one-time event?
This month, on 12 October 2006-two days after the October Patch Tuesday-we discovered a zero-day exploit in the wild for a new Microsoft PowerPoint 2003 vulnerability, CVE-2006-5296. Microsoft has said on its TechNet blog that this exploit could carry out code execution on the victim’s machine.
Security expert Bruce Schneier has commented that exploits might be released to follow a Patch Tuesday to maximize the “window of exposure”-the time until next month’s Patch Tuesday arrives with security patches for the new vulnerability.
Is Zero-Day Wednesday (or Thursday) going to become a trend? We’ll be watching.
October 31st, 2006 at 12:49 pm
[…] Trackback In my last blog entry I talked about the consequences of Microsoft’s policy of releasing security updates only once a month. Is this encouraging exploit writers to release zero-day Microsoft exploits soon after a month’s Patch Tuesday to maximize the vulnerability’s window of exposure?Yesterday, on 24 Oct 2006, exploit code was released for a Microsoft Internet Explorer (IE) vulnerability. This proof-of-code code could cause denial-of-service (DoS) in IE. Avert Labs is investigating this exploit further. […]
November 2nd, 2006 at 11:11 am
[…] The most interesting part lately (IMO anyway) of zero-day threats surround Microsoft patch releases. In recent months, there has been a growing correlation between when Microsoft releases their regular patches and the discovery/disclosure of zero-day exploits. They tend to appear +-3 days of the patch release, allowing them to maximize their window of opportunity. This would seem to evidence that attackers are exploiting this release model to their advantage. Bruce Schneier has also weighed in on this issue on his own blog. […]