Responsible Disclosure; Spyware Resources

Here's a good example of a security researcher publicizing a vulnerability without releasing the technical details that would help attackers exploit it.

ITPro Today

January 25, 2005


As you know, Microsoft recently released a patch (MS05-001) that corrects a problem in the HTML Help ActiveX control. The vulnerability could allow a remote intruder to execute code on an affected user's system.

http://www.microsoft.com/technet/security/bulletin/MS05-001.mspx

Last week, GeCAD NET reported that the patch isn't entirely effective: the company found a way to exploit systems running Windows 2000 Service Pack 4 (SP4) and Windows XP SP1 even with the patch installed. GeCAD NET also said that, as far as it knows at this time, the exploit doesn't work on XP SP2 with the patch installed.

What I found most interesting about GeCAD NET's discovery is the way the company reported it to the public. First, the company posted a summary report of its findings to the Bugtraq mailing list. The company also took the time to post workaround advice to help protect computer users: Either load XP SP2 and the patch or set the security of Microsoft Internet Explorer's (IE's) Internet Zone to High. (Keep in mind that the High setting disables ActiveX controls and active scripting in the zone, so expect some Web sites to stop working until you move them to the Trusted Sites zone.)

http://www.gecadnet.ro/windows/?AID=1381
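To check whether a machine actually has either of the two workarounds above in place, here is an added example (my own script, not code from GeCAD NET, Microsoft, or the original column). It assumes that the MS05-001 patch is listed under Knowledge Base article 890175 (that number is not given on this page), and it reads the IE zone settings from the registry, where the Internet Zone is zone 3 and the CurrentLevel value records the chosen template (0x12000 is High). Because a per-machine policy can force the HKLM zone settings to override the user's, the script honors that policy before reading.

```powershell
# Added example: audits the MS05-001 workarounds on a Windows host.
# Assumptions (not stated on the page): the MS05-001 patch is KB890175, and
# IE stores its zone settings under ...\Internet Settings\Zones\3 as below.

$KB = 'KB890175'                # assumed KB number for MS05-001
$High = 0x12000                 # CurrentLevel template value for "High"
$Disabled = 3                   # per-action value meaning "Disable"

$userZone    = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
$machineZone = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
$policyKey   = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings'

# If Security_HKLM_only is set, IE ignores per-user zone settings.
$hklmOnly = (Get-ItemProperty -Path $policyKey -Name Security_HKLM_only `
             -ErrorAction SilentlyContinue).Security_HKLM_only
$effectiveZone = if ($hklmOnly -eq 1) { $machineZone } else { $userZone }

function Get-ZoneValue([string]$Name) {
    # Returns the named DWORD from the effective Internet Zone key, or $null.
    (Get-ItemProperty -Path $effectiveZone -Name $Name -ErrorAction SilentlyContinue).$Name
}

$level    = Get-ZoneValue 'CurrentLevel'
$activeX  = Get-ZoneValue '1200'   # "Run ActiveX controls and plug-ins"
$scripting = Get-ZoneValue '1400'  # "Active scripting"

# Get-HotFix queries Win32_QuickFixEngineering; absence means the patch is
# not recorded as installed on this host.
$patched = [bool](Get-HotFix -Id $KB -ErrorAction SilentlyContinue)

# The template value alone is not what IE enforces; the per-action values are.
# Treat the zone as "High" only if both the template and the two actions agree.
$zoneIsHigh = ($level -eq $High) -and ($activeX -eq $Disabled) -and ($scripting -eq $Disabled)

[pscustomobject]@{
    Host             = $env:COMPUTERNAME
    OSVersion        = [Environment]::OSVersion.VersionString
    MS05001Patch     = $patched
    ZoneSource       = if ($hklmOnly -eq 1) { 'HKLM (policy-enforced)' } else { 'HKCU' }
    CurrentLevelHex  = if ($null -ne $level) { '0x{0:X}' -f $level } else { 'missing' }
    ActiveXDisabled  = ($activeX -eq $Disabled)
    ScriptingDisabled = ($scripting -eq $Disabled)
    InternetZoneHigh = $zoneIsHigh
}
```

Run it in an elevated PowerShell session so the HKLM policy key is readable; a host that reports MS05001Patch as false or InternetZoneHigh as false is still exposed under GeCAD NET's findings. The script deliberately only audits: setting CurrentLevel by hand does not by itself change the individual action values that IE enforces, so use the IE Internet Options dialog or Group Policy to actually move the zone to High.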

After notifying Microsoft (which said it would investigate the problem), GeCAD NET added the following statement to its announcement: "Due to the fact that this attack method allows the exploit of an extremely critical vulnerability on an up-to-date system, GeCAD NET has decided not to release, for the time being, any technical information about this exploit."

I think that's responsible disclosure. Those with an interest in security are now aware that their systems might still be exposed even with the latest patches installed, the vendor is researching the problem, and intruders must rack their brains if they want to find a way to exploit the problem.

On a different note, I want to point out some interesting information about spyware. Benjamin Edelman's Web site keeps a hawk's eye on spyware, probably to the extreme dismay of those who rely on it to peddle their wares in cyberspace. Edelman has a long list of articles covering how spyware works, who's using it, and who's funding it. Check it out.

http://www.benedelman.org

Also be sure to read the related news item "New Spyware Management Resources Aim to Help Admins" below to learn about new resources you can use to help you reduce unwanted spyware pests in your network environments.

Until next time, have a great week!
