Patch Tuesday - February 2007

Hey Readers,

Now that the dust has started to settle (and our livers are recovered from RSA), we just wanted to give a quick heads up from this Patch Tuesday.  Microsoft has patched 6 of the ZDT entries, which only leaves 6 active zero-days.  Most notably they've patched 4 Word zero-days, leaving only one Word zero-day remaining.  You can read our take on each of the patches in our security bulletin.  Also, feel free to go ahead and register for tomorrow's Vulnerability Expert Forum for a better look at the security landscape.

As always, you can send any questions directly to us at skunkworks@eeye.com.

eEye Research Update

Just wanted to give a heads-up on some updates to the eEye Research Portal:

1 - New Tool: UFuz3 - Yuji Ukai has written a pretty cool integer overflow file fuzzer that can be used against any binary-file format.  It also has a nice 'point-and-click' GUI and an included demo, so it's pretty easy for everyone to quickly use and understand.

2 - New Zero-Day Entry: Word Unspecified Exploit(3) - Yet another Word zero-day is being exploited in the wild which bring the grand total up to 4.

3 - New Zero-Day Entry: Office Unspecified Exploit - Although this one is attacking Excel directly, all signs point to a shared resource available for all Office applications (mso.dll?).  So, keep an eye out for ALL office attachments.

As of right now, there are 10 active high-impact zero-day vulnerabilities, all belonging to Microsoft. Hopefully we'll see this number drop next Patch Tuesday, Feb 13th, but we also were hoping for that on Jan 9th, so I guess we shall see.

Also, for those of you attending RSA, eEye has a booth (#805) during the conference to announce the release of Blink 3.0.  A few of our lead researchers and developers will also be manning the booth to answer some of your more technical questions.  So come by for some eEye schwag and maybe even bring your resume as we are looking for some good applicants to join our team.