Monthly Threat Summary - September 2006
The Aug. 8 Microsoft Corp. Security Bulletin set a record in terms of the total number of vulnerabilities addressed (23; the previous record was last month's 21) and the number of vulnerabilities labeled as Critical (15 this month as opposed to 11 last month). Of these vulnerabilities, security experts consider MS06-040 to be the most critical and it should be patched immediately.
Two other events of note over the past two weeks were the DEFCON convention, held in Las Vegas from Aug. 4-6, and the Black Hat convention, held in the same town from July 29-Aug. 1. Although these conferences are as much (or even more) social gatherings as they are professional conferences, speakers at both events announced a number of new vulnerabilities and attack techniques, which will doubtless inspire budding hackers to emulate and improve upon them.
One potentially significant issue that emerged at DEFCON was the announcement of a means to – in theory at least – use a BlackBerry to hack into a corporate network. The technique involves connecting to a malicious host using a BlackBerry device, then connecting from the malicious host (located on the Internet) to the RIM server residing on the internal network (Hines, Matthew, "Researchers Warn of Serious BlackBerry Vulnerability," eWeek, Aug. 8, 2006).
Malicious cyber activity in the near future will likely revolve around:
- the vulnerabilities announced in the latest Microsoft Security Bulletin, as hackers attempt to exploit the window of opportunity to develop attack methods before users' computers are patched, and
- the attack techniques publicized in the DEFCON/Black Hat conferences, which will likewise encourage malicious actors to attempt to emulate them.
Of these, the most troubling, again, is Microsoft's announcement of the MS06-040 vulnerability; at least one bot that targets the vulnerability has already been released, and more malicious code is almost certainly soon to follow.