And I thought I was patched!
We got all excited today because one of our fully-patched goat PCs got nailed by a website. (The fact that we got all excited tends to show how sad malware researchers are in general, but that's another matter.)
"0-day!", we thought, but as we examined the packets from our sniffers, we sadly realized that we weren't really fully patched. Turns out we had an old copy of WinZip (yes, licensed!), and this particular website had a WinZip exploit, along with several others.
This got us to thinking and wondering, however, how many other machines have some third-party software that is not patched? Windows is ubiquitous, some third-party software is _almost_ so, and an exploit for a third-party package is likely to be just as productive as a Windows 0-day.
The moral of the story, folks, is keep _all_ your software up to date.
Remember, the Bad Guys don't want to shut down the Internet any more... they don't want to cut down the tree... they just shake it from time to time, and see what apples fall off.