New website tracks zero-day flaws
Published: 06 Dec 2006 09:41 GMT
eEye Digital Security has launched a website that tracks publicly released security bugs that don't have an official patch, also known as zero-day flaws.
The new eEye Zero-Day Tracker website on Tuesday listed seven zero-day vulnerabilities, six of which affect Microsoft software and one related to Adobe Systems' Acrobat. For each of the problems, eEye suggests steps people can take to protect against exploitation of the flaws.
"More zero-day security vulnerabilities and attacks are being discovered every day," Marc Maiffret, eEye's chief technology officer, said in a statement. "We've been overwhelmed by requests from our customers to give them the information and time they need to protect their networks."
Security monitoring companies Secunia and the French Security Incident Response Team, or FrSIRT, also track unpatched flaws. However, these companies don't offer a simple overview of all zero-days. Secunia lists them by product, for example.
There has been an apparent increase this year in the use of new, yet-to-be-patched flaws in targeted cyberattacks. Cybercrooks have found that they could take advantage of Microsoft's monthly patch cycle by timing new attacks right after the software maker releases its fixes.
Microsoft's patch day is on the second Tuesday of each month, and the company doesn't break its cycle unless an attack has a widespread impact. As a result, security experts have coined the term "Zero-day Wednesdays".
Flaws in Office applications especially seem to be favoured by the bad guys. Microsoft and security companies have repeatedly had to issue warnings this year about new, small-scale attacks that exploit yet-to-be-plugged security holes in applications such as Word, PowerPoint and Excel.
Did you find this article useful?
240 out of 307 people found this useful
Digg
Slashdot
Del.ici.ous
Stumble
Reddit
