Report lists 600 new vulnerabilities in Q1
More than 600 new Internet security vulnerabilities were discovered during the first quarter of 2005, according to the highly respected SANS Institute Quarterly Security bulletin. It may come as a surprise that many of these security issues are found in software judged ‘safe’ including Windows XP Service Pack 2 and some well known security packages from Symantec, Trend Micro and McAfee.
‘These critical vulnerabilities are widespread and many of them are being exploited, right now, in our homes and in our offices,’ said Alan Paller, director of research for the SANS Institute. ‘We’re publishing this list as a red flag for individuals as well as IT departments. Too many people are unaware of these vulnerabilities, or mistakenly believe their computers are protected’
To appear on the list, the vulnerabilities can only have been discovered in the first quarter of this year, must affect a large number of users, and have not been patched on a ‘substantial’ number of machines.
Among the security problems highlighted by the report are machines running Internet Explorer which are vulnerable to spyware, keystroke loggers, and remote control software installed when the user visits any websites that hold traps to exploit the vulnerabilities.
The report may have come as a surprise to many who thought that various Microsoft service packs were intended to plug all loopholes. Windows XP Service Pack 1 and 2, Windows 2000 Service Pack 3 and 4, and Windows Server 2003 contain a Server Message Block (SMB) vulnerability that may allow computers with to be compromised by an attacker running a malicious server.
Similarly, managers of Oracle servers which have not been patched by the company’s January 2005 Critical Patch Update could find hackers have gained control of the database and the sensitive information held there.
Even more surprising is the news that security products themselves have proved vulnerable. According to the report, anti-virus products from Symantec, F-Secure, TrendMicro and McAfee can be subject to buffer overflows in decoding certain types of files that means that remote attackers can take complete control of computers running these security products.
Finally before Mac users get too smug, the report also notes that a number of audiovisual players including the desktop and laptop versions of RealPlayer, iTunes and WinAmp Media Players could also be affected by buffer overflows. Users of these applications could be compromised by visiting a website infected with malicious code.