At this week’s Black Hat hacking and security conference in Washington, D.C.,
security researchers disclosed vulnerability to a zero-day bug that could affect
both Microsoft IE and the Oracle 11g database. After the Black Hat disclosure of
the exposure to the zero-day bug, Microsoft provided a warning to its users.
"Microsoft is aware of the presentation at Black Hat … which describes
proof-of-concept code on an information disclosure vulnerability in Internet
Explorer," a Microsoft spokesperson told InternetNews.com in an e-mail. "This
hole can impact customers running Windows XP or who have disabled Internet
Explorer Protected Mode." Microsoft recommended that users upgrade to IE 8.

David Litchfield, an NGS Consulting researcher, showed how user privileges for
Oracle 11g Enterprise Editions could be elevated to take control of the database
and how to bypass the Oracle Security Label. Litchfield expects a patch from
Oracle soon and suggested that Oracle 11g administrators restrict public execute
access to specific Java-based functions until Oracle fixes the zero-day
vulnerabilities. He said that it seems that Oracle is overly reliant upon
security tools to catch potential problems after the product has shipped.

Related Links:
http://www.computerworld.com/s/article/9151318/Black_Hat_Zero_day_hack_of_Oracle_11g_database_revealed?taxonomyId=1
http://www.esecurityplanet.com/features/article.phpr/3863021/Microsoft-Warns-Users-of-Black-Hat-Zero-Day.htm