About my screed on "0-day": Looks like I need a lesson on reading
comprehension. As has been kindly pointed out to me, the first
sentence of the original Microsoft Security Advisory at
https://technet.microsoft.com/en-us/library/security/2963983.aspx
says, "Microsoft is aware of limited, targeted attacks ..." I would
have had to click through an extra link to get to that statement, but
even the press account that started this thread, in the first
sentence of the second paragraph, reads, "Attacks taking advantage of
the vulnerability are largely targeting ..." So this does honor the
traditional use of "0-day", and I have no excuse.
Mea culpa,
-- dkm
At 4/29/2014 11:42 AM Tuesday, David McFarlane wrote:
><editorial>
>And going off on a tangent here... Have we changed the meaning of
>"Zero Day Vulnerability"? According to my understanding, and as
>corroborated by Wikipedia, a "Zero-day attack" refers to a situation
>where "There are zero days between the time the vulnerability is
>discovered (and made public), and the first attack." But in this
>case we have not yet seen any attack, so it would be more proper to
>refer to this as an n-day vulnerability, where n indicates the
>number of days since the vulnerability was discovered. Or has
>"0-day" suffered journalistic inflation, like so much of our
>terminology? If every discovered vulnerability is now considered
>"0-day", then what function does the modifier "0-day" serve? What
>then makes a "0-day" vulnerability different from a non 0-day vulnerability?
>
>This is much like the misused term DDoS, where in many cases the
>first "D" is irrelevant and simply DoS would serve. Sigh.
></editorial>
>
>-- dkm
>
>
>At 4/29/2014 11:29 AM Tuesday, David Graff wrote:
>>I agree that this is sensationalist. We have arbitrary code execution
>>vulnerabilities against Flash, Acrobat, and Java all the time and those have
>>active user bases on par with IE these days. What's one more way to
>>infiltrate an XP system?
>>
>>But, if you're looking for mitigation against unpatched buffer overrun
>>attacks on Windows, it's worth installing the EMET package from Microsoft and
>>accepting the default config which will run DEP and SEHOP in opt-out mode.
>>
>>http://www.microsoft.com/en-us/download/details.aspx?id=41138
>>
>>Hopefully the IE sandboxing that UAC creates is also containing this attack
>>for anything running Vista and newer.
>>
>>On Mon, 28 Apr 2014 14:41:39 -0400, David McFarlane wrote:
>>
>> >Yet another (less alarmist) perspective on
>> >this:
>> >http://steve.grc.com/2014/04/28/a-quick-mitigation-for-internet-explorers-new-0-day-vulnerability
>> >
>> >-- dkm "What, me worry?"
>> >
>> >
>> >At 4/28/2014 08:57 AM Monday, Murray, Troy wrote:
>> >>Zero-day exploit in every version of Internet Explorer discovered
>> >>late yesterday, and XP won't be patched when a fix is released.
>> >>
>> >><http://gizmodo.com/new-vulnerability-found-in-every-single-version-of-inte-1568383903/+whitsongordon?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+lifehacker%2Ffull+%28Lifehacker%29>http://gizmodo.com/new-vulnerability-found-in-every-single-version-of-inte-1568383903/