Shostack + Friends Blog Archive

 

Microsoft's "monkeys" find first zero-day exploit

Microsoft ‘s experimental Honeymonkey project has found almost 750 Web pages that attempt to load malicious code onto visitors’ computers and detected an attack using a vulnerability that had not been publicly disclosed, the software giant said in a paper released this month.

So reports Rob Lemos, in “Microsoft’s “monkeys” find first zero-day exploit.” We’ve always known that there’s lots of exploit code for unannounced vulnerabilities out there. Perhaps this will help us quantify that.

[Update: The vulnerability had been announced, but no patch was available. Pete Lindstrom has links in “Thank God for Honey Monkeys.” As to Pete’s question about how I know that there’s lots of exploit code, it’s easy. I’ve worked for organizations that took security seriously enough to detect and analyze new attacks. We regularly saw people exploiting unannounced flaws in our systems.]

2 comments on "Microsoft's "monkeys" find first zero-day exploit"

  • Thank God for Honey Monkeys

    Adam Shostack of Emergent Chaos noted the first zero-day exploit found by Microsoft’s honeymonkey project. I could have sworn I blogged about honey monkeys the first time this was mentioned on Securityfocus, but I can’t find a reference. Regardless, th…

  • Mr. Shostack, Tear Down that Wall!

    Adam at Emergent Chaos says:to Pete’s question about how I know that there’s lots of exploit code, it’s easy. I’ve worked for organizations that took security seriously enough to detect and analyze new attacks. We regularly saw people exploiting unanno…

Comments are closed.