Computer Crime Research Center


Microsoft predicts hacker behaviour

Date: October 16, 2008

Microsoft has released its monthly Windows security update, this time with 11 bulletins fixing 20 problems. It’s the first bulletin to rank problems both for their inherent security risk and the likelihood they’ll be exploited.

The problems rated as critical (meaning hackers could do some serious damage without needing any further action from the computer user) affect:
Office 2000 (specifically Excel)
Internet Explorer 5 and 6
Microsoft Host Integration Server
Windows 2000 Server

If you use any of those applications and have Windows Update set to one of the manual download options, it’s well worth making sure you get these particular updates.

There are also kill bits for Microgaming Download Helper, System Requirement Labs and Photostock Plus Uploader. A kill bit is a block placed in the Windows Registry to stop a program that is known to be exploitable in Windows from ever loading. In most cases, the manufacturer will already have fixed the problem, but this is a way of protecting anyone who’s not downloaded the manufacturer’s update.
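As an added illustration (not code from the article or from Microsoft): for ActiveX controls, the kill bit is the 0x400 bit of the "Compatibility Flags" value stored per control under Internet Explorer's "ActiveX Compatibility" registry key, so an administrator can confirm from a registry export that a block is actually in place. The sketch below audits the decoded text of such an export; the CLSIDs and flag values are constructed placeholders and the function names are hypothetical.

```python
import re

# Key where Internet Explorer reads per-control flags (native registry view only).
AX_COMPAT = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility"
KILL_BIT = 0x00000400  # bit in "Compatibility Flags" that blocks the control

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
FLAGS_RE = re.compile(r'^"Compatibility Flags"=dword:(?P<val>[0-9a-f]{8})$', re.I)
CLSID_RE = re.compile(r"^\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)

# Constructed sample in .reg export format; CLSIDs and values are placeholders.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-0000000000A1}]
"Compatibility Flags"=dword:00000400
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-0000000000A2}]
"Compatibility Flags"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-0000000000A3}]
"Compatibility Flags"=dword:00800400
"""

def parse_compat_flags(reg_text):
    """Return {CLSID: flags} for each control key under ActiveX Compatibility."""
    flags, clsid = {}, None
    for line in (raw.strip() for raw in reg_text.splitlines()):
        key = KEY_RE.match(line)
        if key:
            parent, _, leaf = key.group("key").rpartition("\\")
            # A "[-KEY]" deletion entry fails the parent comparison and is ignored.
            in_scope = parent.upper() == AX_COMPAT.upper() and CLSID_RE.match(leaf)
            clsid = leaf.upper() if in_scope else None
            if clsid:
                flags.setdefault(clsid, 0)  # key exists; value may be absent
            continue
        value = FLAGS_RE.match(line)
        if value and clsid:
            flags[clsid] = int(value.group("val"), 16)
    return flags

def audit_kill_bits(reg_text, expected_clsids):
    """Map each expected CLSID to 'blocked', 'not blocked' or 'missing'."""
    flags = parse_compat_flags(reg_text)
    report = {}
    for clsid in (c.upper() for c in expected_clsids):
        if clsid not in flags:
            report[clsid] = "missing"
        else:
            report[clsid] = "blocked" if flags[clsid] & KILL_BIT else "not blocked"
    return report
```

The flags value is a bitmask, so the check tests the 0x400 bit rather than comparing the whole value; a control whose key is absent from the export is reported as "missing" rather than assumed safe.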

Microsoft’s summary of the update also included the first ‘exploitability index’, which measures how likely it is that hackers will go after a particular vulnerability.

The prediction covers the next 30 days, which includes the gap between the details of the fix becoming available (allowing hackers to work out the precise loophole) and all users applying the update.

Each problem is rated on a three-point scale, with the highest rating being ‘Consistent exploit code likely’. This month, seven of the problems earn this rating, including some of the Office 2000, IE 5&6 and Host Integration Server issues, which are therefore the most dangerous loopholes overall.