
Zero Day Wednesday

Microsoft not only open the barn door - they tell everyone when they're going to do it.



For the past two years Microsoft have released their security patches on the second Tuesday of each month. Guess which day black hats use to unleash their exploits?

The day after - 'Zero Day Wednesday'.

It's one of the easiest tricks in the world. You found a hack? Sit on it. And wait for Microsoft's 'Patch Tuesday' and use your hack the day after.

You've got four weeks while your victims find out how they've been screwed, alert Microsoft, and get a new patch. That's plenty of time to reap significant rewards.

Several years back Microsoft would release patches as other companies do - 'willy nilly'. The catch was that Microsoft patches were often worse than the issues they tried to fix. On at least two well-publicised occasions hundreds of thousands of computers and networks were destroyed by these poorly tested Microsoft updates.

Patch Tuesday

The solution? Or so Microsoft thought at the time: limit updates to the second Tuesday of every month - 'Patch Tuesday'. Administrators will be ready and have allocated time to test the patches before they're deployed.

But this gives the black hats an unprecedented advantage. As soon as something goes into the wild it's only a matter of time before it's picked up, analysed, and sent on to Redmond where a patch is created. But with a full month less one day to let the bad stuff proliferate, black hats optimise their window of opportunity.

Find a great hack into Microsoft software? Sit on it - and wait patiently until Patch Tuesday has come and gone. And only then use it.

Wait until Zero Day Wednesday.

Targeted

Zero Day Wednesday attacks are not virulent waves of destruction: they're most often targeted at an individual corporation (or a very few) with specific goals in mind. As the attack vectors are not known (or even suspected), there's little chance the victims will ever know what hit them.

  • In May 2006 an attack on Word appeared on Zero Day Wednesday; it was patched a month later.
  • In June 2006 an attack on Excel appeared on Zero Day Wednesday; it too remained open for weeks.
  • In July 2006 an attack on PowerPoint appeared on Zero Day Wednesday; it too was patched after the typically long wait - but not before any number of copycat exploits were found in the wild.

And so on. For black hats the biggest day of the month - of any month - is a Wednesday.

As customers cannot rely on the Redmond company's patches not nuking their systems, Microsoft have had to establish a timetable for updates - but this gives the black hats an advantage they would never otherwise be able to enjoy.

Chocoholic Trap 2007

This week's Zero Day Wednesday offers another treat: yet another hole in Word is being actively exploited. And whether or not Microsoft have the code to fix this flaw doesn't matter: if you're yet another fool running Redmond software, you won't get your fix for another four weeks.

See Also
CNET: Zero-day Wednesdays
Beware: Zero-day follows Patch Tuesday
ZDNet: Zero-day attacks continue to hit Microsoft
ZDNet UK: Microsoft besieged by zero-day attacks
eWEEK: Microsoft Issues Word Zero-Day Attack Alert

Copyright © Radsoft. All rights reserved.