CERTStation Week In Review Transcript: week 24, 2009           A Privilege Escalation vulnerability has been discovered in WebDAV extension for IIS as it fails to properly handle specially crafted HTTP requests. Successful exploitation allows attackers to gain unauthorized access and upload files to Web servers. Microsoft maintains that only a specific IIS configuration is at risk from this flaw, researchers claim that this flaw can be traced back to a logic mistake exploited by Code Red in 2001. In the absence of patches, Microsoft recommends disabling WebDAV in IIE 5, 5.1 and 6 to counter this vulnerability.           Loophole in China's registrar DNSPod's DNS servers allows attackers to persuade a very popular video application in flooding the telecom networks with Information requests. The flaw further leads to hampering the Internet access in China’s five northern and coastal provinces. Although, this flaw has bombarded just one company with DDOS attacks but the multiplier effect of all Zombies to communicate with the server, at the same time, aggravates the situation and freezes the replying ability of the server. As a remedy, telecom network operators have blocked access to the IP address of DNSPod in order to escape overwhelming resource consumption.           According to research reports, Apple has not patched a six month old Drive-by-download hole in Mac OS X and de-serialization of object flaws in the sandbox of the Java Virtual machine. Successful exploitation of vulnerability permits attackers to execute arbitrary code remotely in Java enabled web browsers. The vulnerability leads to taking complete control of the vulnerable systems by directing the Safari users to a specially crafted web page. Hackers have released the easily de-compilable proof of concept that can lead to creation of drive-by-exploit for Mac OS X.           According to research reports, non-persistent Cross-site scripting vulnerability has been discovered in two websites belonging to the Bank of America and U.S. Bank. This weakness leads to phishing attacks in addition to hijacking sessions and injecting Hidden IFrames which load malicious JavaScript code in the background. As far as mitigation mechanisms are concerned, any attempt to fix it is unheard of until recently.           Conficker worm is infecting about 50,000 new PCs each day, according to a recent research study. It started its malicious activities a year back and is still multiplying at a very fast pace via exploiting a recently patched flaw in Microsoft Windows. It is also exploiting removable storage devices to hop from one PC to the other. Although, media hype has grounded the worm, million dollar Fortune companies have not been able to stop it until recently.                 If you enjoyed this podcast why not visit CERTStation.com and check out our free Internet Security Dashboard. In the meantime this is your host Jay Johnson wishing you a safe and secure week.       CERTStation’s services and products are not endorsed, authorized or sponsored by, nor affiliated with, Carnegie Mellon University, the Software Engineering Institute or the CERT Coordination Center. Copyrights © CERTStation | Site Map | Reviews | Contact Us