Widespread Web Site Attacks Reported
Following reports that high-profile web sites such as syfy.com and php-nuke.org were compromised, another widespread attack on web servers has been reported. The attacks compromise sites running WordPress and other popular blog software. The attack mechanism is not yet known, but clients should ensure that the latest WordPress version is installed. Sites using shared hosting are especially susceptible, as compromise of a neighboring site often spreads to the remaining virtual hosts. We also encourage clients to review their sites for signs of infection and take appropriate remediation steps. In particular, clients should look for modifications made to HTML source pages as well as database table changes.
http://www.h-online.com/security/news/item/Large-scale-attack-on-WordPress-996628.html
http://www.psychcomp.com/syfycom-hosts-malware/
http://twitter.com/lordparody/status/13600067003
http://www.sophos.com/blogs/sophoslabs/?p=9585
Microsoft Outlook Express Exploit
Exploit code has been made publicly available that triggers a vulnerability in Microsoft Outlook Express and Windows Mail. The integer overflow vulnerability could allow a remote attacker to execute arbitrary code, although the attacker would need to control the mail server being used by the victim. At this time, there is no known vendor patch available.
http://www.exploit-db.com/exploits/12564
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0816
Microsoft’s May Security Patches
As a reminder, Microsoft will be issuing its May security release later today. The two scheduled bulletins will address remote code execution vulnerabilities in Windows and Office. We will update the assessment when more details are available.
http://www.microsoft.com/technet/security/Bulletin/MS10-may.mspx