OneCare gets security patch from Microsoft

Microsoft stays one step ahead of rivals, fixes OneCare before flaw details spread to rivals.

Microsoft has given warning over a flaw in Word, but managed to patch vulnerabilities in its OneCare security software before details of the problem leaked to security companies.

The MSA 933052 vulnerability affects Office 2000 and XP and could allow a remote attacker to run arbitrary code on the target computer.

There are already reports of what Microsoft describes as 'very limited, targeted attacks attempting to exploit this'.

It says that it 'has added detection to the Windows Live OneCare safety scanner for up-to-date removal of malicious software that attempts to exploit this vulnerability,' and that it 'intends to actively share information with Microsoft Security Response Alliance partners so that their detection can be up to date to detect and remove attacks.'

In short: for the time being Microsoft OneCare customers are protected. Customers using software from rivals such as Symantec, McAfee, F-Secure, Kaspersky and others may not be.

Microsoft told us that: 'Live OneCare had been updated earlier. The current attacks that seek to exploit the vulnerability in Microsoft Security Advisory 933052 also aim to exploit other, older vulnerabilities for which security updates are already available, and Microsoft previously added detection for malware that attempted to exploit those issues.

'As part of the regular security response process, this information will be made available as soon as possible to partners through the Microsoft Security Response Alliance (MSRA), which is a comprehensive organization that allows industry partners and governments to share information and best practices to help protect customers from malicious threats.'

Eyebrows were raised about the possible anticompetitiveness of Microsoft entering the consumer security software market, and its ability to gain prior access to vulnerability details highlights the issue.

Kevin Hogan, Director of Symantec Security Response, admitted that: 'To a degree, Microsoft has an advantage over others in the IT community, as responsible members of the community are obliged to provide Microsoft with information regarding new vulnerabilities and exploits that affect its OS or applications.

'In the case of malware that uses zero-day exploits, that means giving Microsoft samples of the malware as well. Microsoft can and does leverage its position as the vendor of the OS or application to ensure its security software is kept up-to-date more quickly than other vendors who may not have received that particular sample or have any information. This advantage is especially pronounced when dealing with targeted attacks, where maybe only one vendor has the relevant sample. Such is the case with the malware mentioned in MSA 933052.'

Mikko Hypponen, Chief Research Officer at Finnish security company F-Secure, told us the company was in discussions with Microsoft over this issue, but that he couldn't comment further.

Hogan maintained that 'Symantec does not rely on Microsoft's published analysis of malware for our own detections,' but that it uses 'information from Microsoft in our own research to identify signatures and other solutions to protect our own customers from the possible impact of these vulnerability announcements.'

Access to vulnerability details is one of the key fronts in security offerings. Closing off the means by which an attacker can exploit a vulnerability obviates the need to address each variation of an attack with a separate virus signature. In the case of the LSASS Windows vulnerability, using intrusion prevention systems to close up the vulnerability is the equivalent of fending off, in a single bound, the 394 virus variants used to attack the flaw.

Hogan added that despite Microsoft's advantages, it doesn't appear to have been successful against its competitors. 'That's not to say that this [early access to vulnerability details] benefits Microsoft across the board. While ownership of the OS and malware reporting tools that ship with OS updates and send back infection information and samples is advantage enough, it doesn't necessarily seem to have benefited them to the degree you'd expect based on our own internal and third-party evaluation of their security offerings.'

Even so, it's relatively early days for Microsoft's consumer security software. Built around expertise bought in from Romanian antivirus company GeCAD, OneCare only launched in the US in the middle of last year, hitting UK shores in January 2007.
