Some more 0-days from ZDI
For those of us in the patching world, the last few weeks have not been fun. It seemed like there was a new critical issue almost every other day, and almost certainly just after you finished the previous round of patching. I guess that is what happens when a hacking firm is breached.
Well, unfortunately, I'm here to add to your woes. BK wrote in (thanks) to remind me that on the same day that Microsoft patched a critical issue, ZDI released four vulnerabilities. Based on their CVSS scores they may not quite reach critical (in Microsoft's world), but they will likely result in a patch for most systems (including Windows Phone).
- http://www.zerodayinitiative.com/advisories/ZDI-15-359/
- http://www.zerodayinitiative.com/advisories/ZDI-15-360/
- http://www.zerodayinitiative.com/advisories/ZDI-15-361/
- http://www.zerodayinitiative.com/advisories/ZDI-15-362/
In this case all four were discovered in-house and disclosed to the vendor over 120 days ago, and as of release they are unlikely to have an exploit associated with them. That is, however, likely to change.
Mark H
Comments
This is even straining the ability of automatic updating to apply the updates in time. I would say the world will be a better place after this episode, but there are probably thousands more zero days that we do not know about and maybe never will.
Anonymous
Jul 23rd 2015
9 years ago
Anonymous
Jul 23rd 2015
9 years ago
The text "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer, including on Windows Phone" in http://www.zerodayinitiative.com/advisories/ZDI-15-359/ may have contributed to the confusion.
However, all four pages indicate at the top: Affected Products: Internet Explorer Mobile
Anonymous
Jul 24th 2015
9 years ago
[quote]The text "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer, including on Windows Phone" in http://www.zerodayinitiative.com/advisories/ZDI-15-359/ may have contributed to the confusion.
However, all four pages indicate at the top: Affected Products: Internet Explorer Mobile[/quote]
Also note this: since this only affects Windows Phone, it is impossible to use another browser, as there are no other browsers for Windows Phone.
Anonymous
Jul 27th 2015
9 years ago