Security Updates for Exploit-TaroDrop.e

Following the public advisory of a zero-day attack published by JustSystems and McAfee® Avert® Labs on August 26, an official security update is now available from the vendor at: http://www.justsystems.com/jp/info/pd8002.html.

The protection has also been available to McAfee customers in the 5368 DATs since August 22. As Avert Labs continues to update our protection for ongoing attacks, Ichitaro users are highly advised to patch this vulnerability as soon as possible.

The debate of full disclosure vs. responsible disclosure vs. nondisclosure has been going on for years, and we have discussed it several times in blogs and even in one of our earliest AudioParasitics podcast sessions:

- http://www.labs.com/research/blog/?p=270
- http://podcasts.mcafee.com/audioparasitics/AudioParasitics-Episode7-5-2007.mp3

We would like to highlight the importance of responsible disclosure such as this. In case of a new attack, restricted information and protection must be made available to all affected users just sufficient to detect and protect against the latest security compromises. All information must be released without compromising the security of affected users, and while providing ample time for affected vendors to verify the issue and inform their customers. No details must be given that would allow the bad guys to discover and exploit the vulnerabilities; however, keeping the existence of a known vulnerability secret leaves users unprotected and uninformed.

As our vulnerability research colleague Rahul Kashyap puts it in his blog, “our mission is to protect our customers and the Internet community at-large, not to create hype and FUD by giving the world a chance to exploit unpatched flaws! Failing to disclose to anyone leaves the good guys in the dark–but supporting irresponsible disclosure gives the bad guys night vision.”

Ichitaro zero-day vulnerability response: